| Category | Started On | Completed On | Duration | Cuckoo Version |
|---|---|---|---|---|
| URL | 2014-07-15 10:34:03 | 2014-07-15 10:39:27 | 324 seconds | 1.2-dev |
| Machine | Label | Manager | Started On | Shutdown On |
|---|---|---|---|---|
| machine3 | winxpmacine3 | VirtualBox | 2014-07-15 10:34:03 | 2014-07-15 10:39:27 |
| URL | http://jue0jc.lukodorsai.info/dpta5n0tp2 |
|---|---|
| VirusTotal | Scan Date: 2014-07-15 13:09:59, Detection Rate: 2/57 |
|---|---|
| File name | RGI1.tmp |
|---|---|
| File size | 6411 bytes |
| File type | ASCII English text, with CRLF line terminators |
| MD5 | e246fa3b3fb5d3ff6c858d3c3a02779f |
| SHA1 | 88868495913e7eb27a02670c08903529d5f5b883 |
| SHA256 | 18140a6489d3aaf82269fc79fad77ae180b48e3508ea22c43ae1cc9587de5e3e |
| SHA512 | b46fdc6ea301d30fe908c031133d14fe49b7b94610632c21e801b893a9f28f7ed58c1b21af80c0418307395a62923e92d3e05a8614d9d10a437cb2d5b27711a4 |
| Ssdeep | None |
| Yara | None matched |
| VirusTotal | Search for Analysis |
| IP Address |
|---|
| 10.129.0.10 |
| 10.129.0.255 |
| 10.129.0.11 |
| 192.200.105.135 |
| Domain | IP Address |
|---|---|
| jue0jc.lukodorsai.info | 192.200.105.135 |
| Timestamp | Thread | Function | Arguments | Status | Return | Repeated |
|---|---|---|---|---|---|---|
| 18:34:09,210 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Performance | FAILURE | 0x00000002 | |
| 18:34:09,210 | 588 | LdrGetDllHandle | ModuleHandle => 0x00400000 FileName => IEXPLORE.EXE | SUCCESS | 0x00000000 | |
| 18:34:09,210 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess | FAILURE | 0x00000002 | |
| 18:34:09,210 | 588 | RegOpenKeyExA | Handle => 0x000000b8 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess | SUCCESS | 0x00000000 | |
| 18:34:09,220 | 588 | RegQueryValueExA | Handle => 0x000000b8 Data => yes\x00 ValueName => BrowseNewProcess | SUCCESS | 0x00000000 | |
| 18:34:09,220 | 588 | RegCloseKey | Handle => 0x000000b8 | SUCCESS | 0x00000000 | |
| 18:34:09,220 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions | FAILURE | 0x00000002 | |
| 18:34:09,220 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions | FAILURE | 0x00000002 | |
| 18:34:09,230 | 588 | LdrLoadDll | Flags => 1309424 BaseAddress => 0x7c9c0000 FileName => SHELL32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,230 | 588 | LdrGetProcedureAddress | Ordinal => 175 FunctionName => FunctionAddress => 0x7c9ef778 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegCreateKeyExW | Handle => 0x000000bc Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegQueryValueExW | Handle => 0x000000bc Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00D\x00e\x00s\x00k\x00t\x00o\x00p\x00\x00\x00 ValueName => Desktop | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegCloseKey | Handle => 0x000000bc | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegCreateKeyExW | Handle => 0x000000bc Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegSetValueExW | Handle => 0x000000bc Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00D\x00e\x00s\x00k\x00t\x00o\x00p\x00\x00\x00 ValueName => Desktop Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegCloseKey | Handle => 0x000000bc | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | NtOpenFile | ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Desktop DesiredAccess => 0x00100020 FileHandle => 0x000000bc | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c800000 FileName => KERNEL32 | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => IsDebuggerPresent FunctionAddress => 0x7c813123 ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | IsDebuggerPresent | | FAILURE | 0x00000000 | |
| 18:34:09,240 | 588 | LdrLoadDll | Flags => 1309076 BaseAddress => 0x7c9c0000 FileName => SHELL32.DLL | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => DllGetVersion FunctionAddress => 0x7c9ffa03 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegOpenKeyExA | Handle => 0x0000000c Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegQueryValueExA | Handle => 0x0000000c Data => 1 ValueName => IntegratedBrowser | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | RegCloseKey | Handle => 0x0000000c | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | LdrLoadDll | Flags => 1310260 BaseAddress => 0x774e0000 FileName => ole32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => OleInitialize FunctionAddress => 0x774ff6ea ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:09,240 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\rpcss.dll | FAILURE | 3221225781 | 1 time |
| 18:34:09,250 | 588 | DeviceIoControl |
DeviceHandle => 0x00000040 OutBuffer => \x8b\x90\xe6\x89I\xb0\xe11\xe9\xcb\x88P\x95\x149\xc6\x94\xbb\xd9\xbe.\x8d0\xaay\xeb\xc4\x1e\xe8\x94\xe3x\x93/\x19\xa0\xf7\xaa\xfe\x03xa\xcf\xc8\xbb\+\xf2}\x8e\x80\xc3>\xa9@\x96\xb3L^\xba\x89\x99\xdc\xbe\x00\xa4\xa7\x14\xe4\xf5\xb4,zYle\xed\xce\x9b$\xa5~\xb0hh\xb0o\x13g%L\xb4\xbd\x85\xde\x15\xfd!*\xb8Q\x8b{FO\xbf\xf9\xae\x86\xfc\xbf\xd5*d\xa1\xc8u\xd7\xb1p_\xa2\x9d\x138bYNG\xbf\x8f(\x93/\xe2L\xbb\x90vZ\x80\x14\xfc>\x8e|)\x0fFV(\xfb\xf0a\x97\xa9n\xaf_;X\x81\x8b\x89\x7fq\x88\xbaW\xd1/\xe3\xd3\x82'\x85\x8e\x8a\x08Z\x02\xb9\x14\x93\x1f\xfa\xf5\x89T'\xd2\xfe\x9f\x12|\xa4\xa5\xf0\x11a\x81\x8c\xa9U?U\x91Q\xf6\x19l=BY\x00=z\xb7*\x89!\xdd\xf44b\xf5|\xc1\xf7\xd0\xf4\xee\xe1\x99i\xed6\xd1m\x82_\xfbuK\xe3l\xb52\x940\xf8\xbe\xa6\xd3v/ IoControlCode => 3735560 InBuffer => [k\x05'\x18\x0ey\xae\x97spX\x940<\x01\xc0"\xa8<\xa0\xbc\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,250 | 588 | DeviceIoControl |
DeviceHandle => 0x00000040 OutBuffer => \xf6"\x8cv\xc8\xfe}\xa0Sh\xba}\x15H\xb5\xa8\xce-\xeb\x1bS\xabKB\xe4\xd5\x05)\xd7\x0f\xa9w\x1c\xb0-\xca\x93p\x11\xa6Z\x94\xf6\xfc\x8bNQ\x7fe;i\x0e\x05\xaa\xba\xf6\x18\x82U9\xd6\x84\x9be@^`\x8d\xc7=\x9e\xf5V\x8a\xd72\xd2\xb2\xa37\xa8 P\x88\x9b\xdel\xabl\xa7)d1\x95\x1a\x086\xba\xca\xa0W=\xfe\x08a\xf0\xcb \x03\xf9q\x8e\xe6\x84\xac\x89\x7fj\xb6\xbf0\x17\x1d8\xaeC\xedJ\xe5\xdf\xeb\xf8\x8d9\xd3\xe3\xca8\xe3p\xd8\xa3i\x1d\xfb\x1b\x08uG{b\x91\x03\x1b\x1b\x1a5\xe4\xd1\x90{\x04P}-+\x929YL\xfc\x1e\xe6W_\x92\x95\xe6R\xa1d\xf1\x9aB i?@\xe3\x1c\x8f3f\x19\xc4cZ\x7f~ w\x8f+?\x18\x1c0\xc0q|&|hg\x182\xb7\xb0\xb0k!\xbf\xe4D\xc4 \xf6a\x8b\xdeOD<8G\xc8Q\x01 \xd1x\x0b[r\xf2|\xb9\xaf\x9e\xdfK\xe9\xf4\x86A2 IoControlCode => 3735560 InBuffer => [k\x05'\x18\x0ey\xae\x97spX\x940M\\xe3:\xdf\xc1\xeb\xb6\xd2\xc0"\xa8<\xa0\xbc\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,250 | 588 | DeviceIoControl |
DeviceHandle => 0x00000040 OutBuffer => \xae\x8a'\xd7\xc3I|\xb7Y\x94\xfb \xb6\x80\x1c[\x07(\x87\xad\x19\xd7l\xd9F\xe2\xd0\xabv\\xb5\xb7\xf1\x91Sm\x08U\xca\x03\xfb;\xd0\xe1\xa3\xaf\xac\xc4\xb5$ m\x0e\x9b@\x12\xd2 \xd4\x02\xde\xd0\xf9\xfe\x9a\xb1\xd4\xf2 Q~\xb7\\x8b\x9b:\xad\xa5C\xf3S]zB.\xa5s3\xd1\x1bz\xef\xac+z\xcf\x95\x96\xa7\xa2'5g\x80\xa6\x1e\xec|LwF\xb2N\xf3\x17s\x85\xe0\xba\xdaN\x98/\xa3\x82\xe9\x7f\x85\x9f\xda\xa6Eh'\xe3\xe71\x07\x95S\xac\x8d\xd7\xb3?\xb7W\xcd\x8e\x82\xd2\xf4\xf9hm\xa77\x8f_\xb9Y\x8cm\xa9\xe2\xe9_\x1fG\xef\xf5\x90\x1c\xf5\x7f\xf5\xb7\xc3\x7fq\xa0cr\xc5p8\xf2\x8f\x81 \x1f\x06d4\x07\x94\xbd^\xbe-G\x08\xd0!\xf0Fav/\xfbk'K\xf7@\x18{\x99\x12\xa0\x11-#G\x91\x9f\x15T0\xfbD\x82\x14 l\xad\x15\xb8.S\x05\xf7x\xc2\xcco\xeeq\x9a\x85`\xb4\xb7\xc9\xb2\x0b IoControlCode => 3735560 InBuffer => [k\x05'\x18\x0ey\xae\x97spX\x940M\\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xb6\xd2\xc0"\xa8<\xa0\xbc\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,250 | 588 | DeviceIoControl |
DeviceHandle => 0x00000040 OutBuffer => \x0cm\x99\xd7\xfc`MM3\x13\x99\xfa\xe6\xb5\x8b\xeeh0+\x80\xdb!\xf2\x135\xac\xb4\x96\x94\xf9\xea\xfd\xffx\x16\xd1\xf5\xbb\xfe\xb4\xda\xda \x04/\x85\xc6\xbf\xaa\xb9\xa8\x10\xf6#\xe3\x89\xfa\xd2\x8ds_\x0eO\xb9(\xce\x81p\xe3\xf2a|Go\xec\x14\x97\xc9\x1c\x9b>n5\x97\xa1YG\xfawax\x8b'a^\xcb\x15\x9d\xf3\x91\x16*\xe3\x8e\xcfaZ\xae\xfe\xbe\xb1r\\xba\xe6\x00\x04\xc8\xea\xfao\xabk\xe0\xcbu\x17X\x12\xf1(\xad\xca\x06+H\xf5u\x910\xd1\x15\xec\xf1\x87\x9e\x88v\x8c\xcd\x92\xd5C\x01F\xea\x9c\xd1\xaf\xcc\xd3\xcd>'Z\xeb(\xa7\xf3_;\xe3Avb\xcb\xcaK\xfd\x9b\x11&\x1d\x16\xf1\x84\xfa\xe2\xdc%\xac\xc4\xfe\x84=\xfb\xc6\x9f\x1d\xa4\xf5\xec\x99\xc3\x89s\xd3,=\xb5`\xd746\xea\xca\xfd\x19Dl\xff\x05},ji\xa6W_\xeb\xefq"\xe6O\x13\xe8\xce\x83\xf0\x9e+\x01/6\x02MK<\xa8|\xa2\xef\xf7\x11O IoControlCode => 3735560 InBuffer => [k\x05'\x18\x0ey\xae\x97spX\x940M\\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xb6\xd2\xc0"\xa8<\xa0\xbc\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,250 | 588 | DeviceIoControl |
DeviceHandle => 0x00000040 OutBuffer => +:\x02\x8f\x85\x8c\xa3\x83\xa9\x08}CV\xb5\xe1w\xde\x1dTZm 3\xc1\xf3=\xaf\x8bg\xe7/\x01D\xc9\xbcy;\x16\x98^\xa0LV\x8a\xba\xd1\xa4\xa7,L\x86EJ"TGA\xfd\\xcf\x13\xff\x82)r\x14\x0f/.\x02\xd6xH^\xe5m\xec\x1b \xd2K\xc2x\xa2\xcc\xfby\x19\xd4\xad\xa5\x14\xaf\xfe\x954\xb9L\xae\xea@A\xbf \xde\x1e|\xf2T\xfb\xb3\x1e\xe0\x11\x87u\xe2\xe5\xb0L\x11\xed\xa0\xf6\x03*f\xc9!\xcfC\xe8b}b\xe2N\x859(\xe9C%\xff\x8b\xe1\x18\x90\xfeP\xa0\Z\xb8j\xeb)\xd7\xdc\xd5n\xef\x15'\xc3\xc8\xec\xbbz\xbd\xf8\xa8\xbf\xd3\xf8\xe4\x9f\x9eI\xc7P\x83\x8dd\xc3\x97\xf0\xc8\x17\xb9'Hu\x01\xce`!\xb0\xb9\xedjs)>\xf4\x06\xfe\xebp\xc3\x08"\xbe\xd9)\xf9\x12c\xcc\xde\xc5\xff\xd3S"n\xacKc\x83\xf4\xf2|`\xc1H \x93Jb\xd4\x9a\xf7/\xbb\xa1\xe8\xb3\xe2;^(\xee\xba`\xf4 IoControlCode => 3735560 InBuffer => [k\x05'\x18\x0ey\xae\x97spX\x940M\\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xb6\xd2\xc0"\xa8<\xa0\xbc\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,250 | 588 | DeviceIoControl |
DeviceHandle => 0x00000040 OutBuffer => F\x97\xd8\xe1t.\xcad\x01\xdc\xb3\x0b[\x8a\xfa\xcf\x8eZ\x9f\xf4\xee\xa3\x92\xf3\xcc\xb2\x90\xdd\xd6T\xe3tn\xf5\xba\xf5e\x03\x14\xa2\xbe:n{\xa6\x15\xb6\xeb?\xe0\xaf\x02^ \xa3W\x1f\xdaf7Wi\x93\x13~\xa4\xc5\xf7\xda\xea\x14\x9d\xde\x9a}\xcc\xe7\xc6\x05\xc4\xe3\xffw2\xbck~\x18S\x96TA\xcf\x87\x81y\x85\xa0=\x13\xa6>\x1f\x0e\xda\xb5\x17\xe25NT\xf5\x1ajl\xf5\x90\x12\xd5\xb9X\x9b@\xbd\xf9c\xa1\x9fZSGD\xdb\x9f\xaabX\xaf\xa9@\xea\x15!\xa7_E\x11\x16i$\xb6\xc9\xd9\x14\x15n\xd5d\xdaJ\xc4l\xcb\xd3\xea\xd9\x8e>\x19<\xe7\x1b\xd3#\xf0\xff,\xa9\xaa\x93\xd7\x0b\x0b\xed2dm\xb5L\x93n\xb7\xde#u\xba\xf8%y[\x9dn\xc0\xf9%\x049P?x\xf7\xfcz\xb8\x1e|\xdeld\xa8uo\x1bB\x84b\xe7\xe5\x14d\xde6M\x18\x87\x7f\x98\xc2\x8e\x04\x08\x8e\xf5~\xda\x9a\xcdL\xc9S\x05\x8eVz\x06\xaa IoControlCode => 3735560 InBuffer => [k\x05'\x18\x0ey\xae\x97spX\x940M\\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xb6\xd2\xc0"\xa8<\xa0\xbc\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,250 | 588 | DeviceIoControl |
DeviceHandle => 0x00000040 OutBuffer => b\x90m)\xadc\xac\xd4m\xf7C&1j\xbd\x9e\xab7c\x10\xfeS\xb5\xd8\xf6\xcdW\x9e\x1d\xb0VH\x1b\xa0\x8a3#\x87\x88\xc5w_\xe1\xdc\xe7\x81\xe3\xb0\xc3A\xa6\xb9K.q\x9e\x81\xae\xbe4g\xf6\x0f \x19\xa2l\x8e\x1a\x10O\xdd\x8c\xb9\xb7\xe4\xffV\xbcHZ\xf1\xd9s\xf3\x82\xd9\xb6_\xb9\x9c\xd9\x1e}\xda\xf8sj\xacI\x08\xbfp\xa4\xacd\x1b\xd0\xf5\x1e\xda\x97`c\x89\x1d_\xc0 \x82G\xac\xdb\xb8\xb4\xc8:F\xd7v\x06q\xdeq<\xd2\xe9\xf8\xa8\xf3v\x0b\xe0n\xcfHFi\xe2G_\xac\x89]\x116X\xa7C\xd2\xb7\x83\x1d=v\x16\xc6P@1 ?e?\x85j\x1d.\xd3\x86\xdd\xeagk\x9a\xd0,\xc9\xc5p\x8e\xfa\xf1\x8d\xcf\x83]9\x8b~P\x15\x0e9\xe7\xd4\xab8\xa9\xe32}\x1c\x1bH\xb8F\x1cZ\xb9\x9d\xf3\xba>\x13o\xba\x89\x97\x05\xd8)\x8d\xc8\x8a\xfd\x17\xba)I\xdd\x9b\x94Z\xd3GO\xf8\xe5s\x9a&\x9a\CG IoControlCode => 3735560 InBuffer => [k\x05'\x18\x0ey\xae\x97spX\x940M\\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xc7\x8f\xe3:\xdf\xc1\xeb\xb6\xd2\xc0"\xa8<\xa0\xbc\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,250 | 588 | LdrLoadDll | Flags => 1308692 BaseAddress => 0x5ad70000 FileName => C:\WINDOWS\system32\uxtheme.dll | SUCCESS | 0x00000000 | |
| 18:34:09,250 | 588 | IsDebuggerPresent | | FAILURE | 0x00000000 | |
| 18:34:09,250 | 588 | LdrLoadDll | Flags => 1308512 BaseAddress => 0x5ad70000 FileName => uxtheme.dll | SUCCESS | 0x00000000 | |
| 18:34:09,250 | 588 | GetSystemMetrics | SystemMetricIndex => 31 | SUCCESS | 0x00000019 | |
| 18:34:09,250 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013f648 SectionHandle => 0x0000000c ProcessHandle => 0xffffffff BaseAddress => 0x00c00000 | SUCCESS | 0x00000000 | |
| 18:34:09,261 | 588 | GetSystemMetrics | SystemMetricIndex => 31 | SUCCESS | 0x00000019 | 1 time |
| 18:34:09,261 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => EXPLORER.EXE | FAILURE | 3221225781 | 1 time |
| 18:34:09,261 | 588 | LdrGetDllHandle | ModuleHandle => 0x00400000 FileName => IEXPLORE.EXE | SUCCESS | 0x00000000 | |
| 18:34:09,261 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c9c0000 FileName => SHELL32.DLL | SUCCESS | 0x00000000 | |
| 18:34:09,261 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => DllGetVersion FunctionAddress => 0x7c9ffa03 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,271 | 588 | LdrLoadDll | Flags => 1310248 BaseAddress => 0x75f80000 FileName => BROWSEUI.dll | SUCCESS | 0x00000000 | |
| 18:34:09,271 | 588 | LdrGetProcedureAddress | Ordinal => 123 FunctionName => FunctionAddress => 0x75fae8d7 ModuleHandle => 0x75f80000 | SUCCESS | 0x00000000 | |
| 18:34:09,271 | 588 | RegCreateKeyExW | Handle => 0x000000d0 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegQueryValueExW | Handle => 0x000000d0 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00F\x00a\x00v\x00o\x00r\x00i\x00t\x00e\x00s\x00\x00\x00 ValueName => Favorites | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegCloseKey | Handle => 0x000000d0 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegCreateKeyExW | Handle => 0x000000d0 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegSetValueExW | Handle => 0x000000d0 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00F\x00a\x00v\x00o\x00r\x00i\x00t\x00e\x00s\x00\x00\x00 ValueName => Favorites Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegCloseKey | Handle => 0x000000d0 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | LdrGetProcedureAddress | Ordinal => 125 FunctionName => FunctionAddress => 0x75fae68b ModuleHandle => 0x75f80000 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | LdrGetProcedureAddress | Ordinal => 102 FunctionName => FunctionAddress => 0x75fa5429 ModuleHandle => 0x75f80000 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | GetSystemMetrics | SystemMetricIndex => 67 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegOpenKeyExW | Handle => 0x000000d0 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegOpenKeyExW | Handle => 0x000000d4 Registry => 0x000000d0 SubKey => Streams | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegQueryValueExW | Handle => 0x000000d4 Data => ValueName => Settings | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegCloseKey | Handle => 0x000000d4 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | LdrLoadDll | Flags => 1306008 BaseAddress => 0x7c9c0000 FileName => SHELL32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | LdrGetProcedureAddress | Ordinal => 654 FunctionName => FunctionAddress => 0x7ca346d1 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegOpenKeyExW | Handle => 0x000000d8 Registry => 0x000000d0 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegQueryValueExW | Handle => 0x000000d8 DataLength => 36 ValueName => ShellState Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegQueryValueExW | Handle => 0x000000d8 Data => ValueName => ShellState | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegCloseKey | Handle => 0x000000d8 | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,281 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => ForceActiveDesktopOn Type => 1304856 | FAILURE | 0x00000002 | |
| 18:34:09,281 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,281 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => NoActiveDesktop Type => 1304852 | FAILURE | 0x00000002 | |
| 18:34:09,281 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,281 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | 1 time |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\System | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | 1 time |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => NoWebView Type => 1304856 | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => ClassicShell Type => 1304856 | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => DontShowSuperHidden Type => 1304856 | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => SeparateProcess Type => 1304856 | FAILURE | 0x00000002 | |
| 18:34:09,291 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,291 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,301 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => NoNetCrawling Type => 1304856 | FAILURE | 0x00000002 | |
| 18:34:09,301 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,301 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => NoSimpleStartMenu Type => 1304856 | FAILURE | 0x00000002 | |
| 18:34:09,301 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegOpenKeyExW | Handle => 0x000000dc Registry => 0x000000d0 SubKey => Advanced | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 2 ValueName => Hidden | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 1 ValueName => ShowCompColor | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 1 ValueName => HideFileExt | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 0 ValueName => DontPrettyPath | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 1 ValueName => ShowInfoTip | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 0 ValueName => HideIcons | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 0 ValueName => MapNetDrvBtn | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 1 ValueName => WebView | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 0 ValueName => Filter | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => ShowSuperHidden Type => 1306024 | FAILURE | 0x00000002 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc Data => 0 ValueName => SeparateProcess | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000dc DataLength => 4 ValueName => NoNetCrawling Type => 1306024 | FAILURE | 0x00000002 | |
| 18:34:09,301 | 588 | RegCloseKey | Handle => 0x000000dc | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | GetSystemMetrics | SystemMetricIndex => 67 | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegOpenKeyExW | Handle => 0x000000e0 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000e0 Data => ValueName => Settings | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegQueryValueExW | Handle => 0x000000e0 Data => 0 ValueName => FullPath | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | RegCloseKey | Handle => 0x000000e0 | SUCCESS | 0x00000000 | |
| 18:34:09,301 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SHGetInstanceExplorer FunctionAddress => 0x7cac4006 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrLoadDll | Flags => 1305300 BaseAddress => 0x7e290000 FileName => shdocvw.dll | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrLoadDll | Flags => 1305300 BaseAddress => 0x7c9c0000 FileName => shell32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetProcedureAddress | Ordinal => 176 FunctionName => FunctionAddress => 0x7cac3ff0 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | RegOpenKeyExA | Handle => 0x000000e0 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\International | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | RegQueryValueExA | Handle => 0x000000e0 DataLength => 260 ValueName => CheckVersion Type => 224 | FAILURE | 0x00000002 | |
| 18:34:09,311 | 588 | RegCloseKey | Handle => 0x000000e0 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c800000 FileName => KERNEL32 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetSystemDefaultUILanguage FunctionAddress => 0x7c8130c8 ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrLoadDll | Flags => 1303764 BaseAddress => 0x71600000 FileName => C:\WINDOWS\system32\browselc.dll | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrLoadDll | Flags => 1304140 BaseAddress => 0x5d090000 FileName => COMCTL32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetProcedureAddress | Ordinal => 328 FunctionName => FunctionAddress => 0x5d0a0bd1 ModuleHandle => 0x5d090000 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetProcedureAddress | Ordinal => 334 FunctionName => FunctionAddress => 0x5d09687c ModuleHandle => 0x5d090000 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c800000 FileName => KERNEL32 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetUserDefaultUILanguage FunctionAddress => 0x7c813100 ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHDOCVW.dll | FAILURE | 3221225781 | |
| 18:34:09,311 | 588 | LdrGetDllHandle | ModuleHandle => 0x7e290000 FileName => C:\WINDOWS\system32\SHDOCVW.dll | SUCCESS | 0x00000000 | |
| 18:34:09,311 | 588 | LdrLoadDll | Flags => 1302092 BaseAddress => 0x77b40000 FileName => appHelp.dll | SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => ApphelpCheckShellObject FunctionAddress => 0x77b46906 ModuleHandle => 0x77b40000 | | | |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtOpenKey |
DesiredAccess => 1 KeyHandle => 0x000000e0 ObjectAttributes => \Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtQueryValueKey |
KeyHandle => 0x000000e0 ValueName => DisableAppCompat |
FAILURE | 3221225524 | |
| 18:34:09,321 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x000000e0 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{a5e46e3a-8849-11d1-9d8c-00c04fc99d61}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtQueryValueKey |
Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x000000e0 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e290000 FileName => shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrLoadDll |
Flags => 1302084 BaseAddress => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoCreateInstance FunctionAddress => 0x7750057e ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x000000e0 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x000000e0 Data => 1 ValueName => Com+Enabled |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x000000e0 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrLoadDll |
Flags => 1301644 BaseAddress => 0x76fd0000 FileName => CLBCATQ.DLL |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetCatalogObject FunctionAddress => 0x76fd3f78 ModuleHandle => 0x76fd0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x000000e0 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x000000e0 Data => 1 ValueName => Com+Enabled |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x000000e0 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrLoadDll |
Flags => 1301644 BaseAddress => 0x76fd0000 FileName => CLBCATQ.DLL |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetCatalogObject2 FunctionAddress => 0x76fd4017 ModuleHandle => 0x76fd0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CLSIDFromOle1Class FunctionAddress => 0x775188b9 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtOpenKey |
DesiredAccess => 33554432 KeyHandle => 0x000000e4 ObjectAttributes => \Registry\User\S-1-5-21-1935655697-1606980848-1060284298-1003_Classes |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x000000e0 Registry => 0x80000002 SubKey => Software\Classes |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x000000ec Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtOpenKey |
DesiredAccess => 16 KeyHandle => 0x000000f4 ObjectAttributes => \REGISTRY\USER |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x000000fc Registry => 0x80000002 SubKey => Software\Classes |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtOpenKey |
DesiredAccess => 16 KeyHandle => 0x00000104 ObjectAttributes => \REGISTRY\USER |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000010c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000114 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000011c Registry => 0x80000002 SubKey => Software\Classes\CLSID |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000124 Registry => 0x80000002 SubKey => Software\Classes |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000012c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtOpenKey |
DesiredAccess => 16 KeyHandle => 0x00000134 ObjectAttributes => \REGISTRY\USER |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000013c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000144 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000014c Registry => 0x80000002 SubKey => Software\Classes\CLSID |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000154 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x00000154 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InitializeCriticalSectionAndSpinCount FunctionAddress => 0x7c80b8b9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\Registration\R000000000007.clb DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtQueryInformationFile |
FileHandle => 0x00000154 FileInformation => \x00`\x00\x00\x00\x00\x00\x00\xf0W\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | NtSetInformationFile |
FileHandle => 0x00000154 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,321 | 588 | NtReadFile |
Buffer => COM+\x01\x00\x00\x00\x01\x00\x12\x00$\x00\x00\x00\x00\x01\x01\x00c\x00\x00\x00\x00\x00\x00\x01\x01\x00\x00\x00\x00\x01\x10\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00F\x0e\x00\x00\x000\x01\x00\x00\xa0\x03\x00\x003_0\x00\xd0\x04\x00\x00\x0c\x00\x00\x003_1\x00\xdc\x04\x00\x00\x88\x02\x00\x003_2\x00d\x07\x00\x00<\x00\x00\x003_3\x00\xa0\x07\x00\x00\x90\x08\x00\x003_4\x000\x10\x00\x00(\x00\x00\x003_5\x00X\x10\x00\x00(\x00\x00\x003_6\x00\x80\x10\x00\x00(\x00\x00\x003_7\x00\xa8\x10\x00\x00\x88\x10\x00\x003_8\x000!\x00\x00\xa8 \x00\x003_9\x00\xd8*\x00\x00<\x04\x00\x003_10\x00\x00\x00\x00\x14/\x00\x00\x0c\x01\x00\x003_11\x00\x00\x00\x00 0\x00\x00\x1c\x00\x00\x003_12\x00\x00\x00\x00<0\x00\x00\x14\x00\x00\x003_16\x00\x00\x00\x00P0\x00\x00\x90\x0e\x00\x00#Schema\x00\xe0>\x00\x00 FileHandle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000154 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x00000154 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x00000154 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000156 Registry => 0x000000e6 SubKey => CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000015a Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x00000156 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000156 Registry => 0x0000015a SubKey => CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000015e Registry => 0x00000156 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x0000015e DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x0000015e |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000015e Registry => 0x00000156 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x0000015e Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x0000015e |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000015e Registry => 0x0000015a SubKey => CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x0000015e DataLength => 100 ValueName => AppID Type => 1301436 |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x0000015e |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x00000156 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000156 Registry => 0x0000015a SubKey => CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x0000015e Registry => 0x00000156 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x0000015e Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x0000015e |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x00000156 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetMarshalSizeMax FunctionAddress => 0x7752d6c0 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoMarshalInterface FunctionAddress => 0x7750ea71 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoUnmarshalInterface FunctionAddress => 0x7752d7f4 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoReleaseMarshalData FunctionAddress => 0x7750df23 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000156 Registry => 0x80000000 SubKey => CLSID\{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000156 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,321 | 588 | RegCloseKey |
Handle => 0x00000156 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrLoadDll |
Flags => 1298212 BaseAddress => 0x7e290000 FileName => C:\WINDOWS\system32\shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x7e2a531d ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x7e2b200a ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | LdrGetProcedureAddress |
Ordinal => 328 FunctionName => FunctionAddress => 0x773e1559 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCreateKeyExW |
Handle => 0x00000154 Access => 131099 Registry => 0x80000001 Class => SubKey => SOFTWARE\Microsoft\Internet Explorer\Security\P3Global |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegCreateKeyExW |
Handle => 0x0000015c Access => 131101 Registry => 0x80000001 Class => SubKey => SOFTWARE\Microsoft\Internet Explorer\Security\P3Sites |
SUCCESS | 0x00000000 | |
| 18:34:09,321 | 588 | RegQueryValueExW |
Handle => 0x00000154 Data => 1 ValueName => Enabled |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrGetProcedureAddress |
Ordinal => 68 FunctionName => FunctionAddress => 0x7c9ec3b0 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrLoadDll |
Flags => 1302172 BaseAddress => 0x7e290000 FileName => SHDOCVW.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrGetProcedureAddress |
Ordinal => 141 FunctionName => FunctionAddress => 0x7e2d48bd ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | RegOpenKeyExW |
Handle => 0x00000160 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | RegQueryValueExW |
Handle => 0x00000160 DataLength => 4 ValueName => ClassicViewState Type => 1302344 |
FAILURE | 0x00000002 | |
| 18:34:09,331 | 588 | RegCloseKey |
Handle => 0x00000160 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrGetProcedureAddress |
Ordinal => 197 FunctionName => FunctionAddress => 0x7e3019ad ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrGetProcedureAddress |
Ordinal => 320 FunctionName => FunctionAddress => 0x773e0a75 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrGetProcedureAddress |
Ordinal => 324 FunctionName => FunctionAddress => 0x773e0c22 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrGetProcedureAddress |
Ordinal => 322 FunctionName => FunctionAddress => 0x773e0ad4 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | LdrGetProcedureAddress |
Ordinal => 325 FunctionName => FunctionAddress => 0x773e0b98 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,331 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 10 times |
| 18:34:09,371 | 588 | LdrGetProcedureAddress |
Ordinal => 18 FunctionName => FunctionAddress => 0x7c9eadf5 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,371 | 588 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => OLE32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:09,371 | 588 | LdrLoadDll |
Flags => 1301856 BaseAddress => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,371 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetMalloc FunctionAddress => 0x774fdd08 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,371 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RegisterDragDrop FunctionAddress => 0x774ff62a ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,371 | 588 | LdrGetProcedureAddress |
Ordinal => 176 FunctionName => FunctionAddress => 0x7e2ff0b8 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,371 | 588 | RegOpenKeyExA |
Handle => 0x00000162 Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegQueryValueExA |
Handle => 0x00000162 Data => ChromeHTML\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegCloseKey |
Handle => 0x00000162 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegOpenKeyExA |
Handle => 0x00000162 Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegQueryValueExA |
Handle => 0x00000162 Data => text/html\x00 ValueName => Content Type |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegCloseKey |
Handle => 0x00000162 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegOpenKeyExA |
Handle => 0x00000162 Registry => 0x80000000 SubKey => .html |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegQueryValueExA |
Handle => 0x00000162 Data => ChromeHTML\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegCloseKey |
Handle => 0x00000162 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegOpenKeyExA |
Handle => 0x00000162 Registry => 0x80000000 SubKey => .html |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegQueryValueExA |
Handle => 0x00000162 Data => text/html\x00 ValueName => Content Type |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegCloseKey |
Handle => 0x00000162 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | LdrGetProcedureAddress |
Ordinal => 100 FunctionName => FunctionAddress => 0x7c9ec059 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,381 | 588 | RegOpenKeyExW |
Handle => 0x00000160 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegQueryValueExW |
Handle => 0x00000160 DataLength => 4 ValueName => NoFileMenu Type => 1301520 |
FAILURE | 0x00000002 | |
| 18:34:09,381 | 588 | RegCloseKey |
Handle => 0x00000160 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | LdrGetProcedureAddress |
Ordinal => 100 FunctionName => FunctionAddress => 0x7c9ec059 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | LdrGetProcedureAddress |
Ordinal => 159 FunctionName => FunctionAddress => 0x7e2d4a3d ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,381 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:09,381 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 170 FunctionName => FunctionAddress => 0x7e2b30e7 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | RegOpenKeyExA |
Handle => 0x00000162 Registry => 0x80000000 SubKey => http |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | RegQueryValueExA |
Handle => 0x00000162 DataLength => 39 ValueName => ShellFolder Type => 354 |
FAILURE | 0x00000002 | |
| 18:34:09,421 | 588 | RegCloseKey |
Handle => 0x00000162 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 196 FunctionName => FunctionAddress => 0x7c9ead60 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 25 FunctionName => FunctionAddress => 0x7c9eb115 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 155 FunctionName => FunctionAddress => 0x7c9eaaec ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | GetSystemMetrics |
SystemMetricIndex => 67 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 149 FunctionName => FunctionAddress => 0x7e2aa57e ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemAlloc FunctionAddress => 0x774fd060 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | LdrGetProcedureAddress |
Ordinal => 222 FunctionName => FunctionAddress => 0x7e2b217b ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,421 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000000 SubKey => dummy |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | LdrLoadDll |
Flags => 1301004 BaseAddress => 0x7c9c0000 FileName => SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHBindToParent FunctionAddress => 0x7c9f3e90 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000160 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegQueryValueExW |
Handle => 0x00000160 DataLength => 4 ValueName => NoNetHood Type => 1300464 |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegCloseKey |
Handle => 0x00000160 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000160 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegQueryValueExW |
Handle => 0x00000160 DataLength => 4 ValueName => NoPropertiesMyComputer Type => 1300464 |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegCloseKey |
Handle => 0x00000160 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000160 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegQueryValueExW |
Handle => 0x00000160 DataLength => 4 ValueName => NoInternetIcon Type => 1300464 |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegCloseKey |
Handle => 0x00000160 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\iexplore.exe |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | LdrGetProcedureAddress |
Ordinal => 236 FunctionName => FunctionAddress => 0x773e1798 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000160 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegQueryValueExW |
Handle => 0x00000160 DataLength => 4 ValueName => NoCommonGroups Type => 1300464 |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegCloseKey |
Handle => 0x00000160 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegOpenKeyExW |
Handle => 0x00000162 Registry => 0x80000000 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | RegQueryValueExW |
Handle => 0x00000162 DataLength => 0 ValueName => WantsFORPARSING Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:09,431 | 588 | RegCloseKey |
Handle => 0x00000162 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | LdrGetProcedureAddress |
Ordinal => 18 FunctionName => FunctionAddress => 0x7c9eadf5 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | LdrGetProcedureAddress |
Ordinal => 155 FunctionName => FunctionAddress => 0x7c9eaaec ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | LdrLoadDll |
Flags => 1301696 BaseAddress => 0x77120000 FileName => OLEAUT32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,431 | 588 | LdrGetProcedureAddress |
Ordinal => 8 FunctionName => FunctionAddress => 0x77124950 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegCreateKeyExW |
Handle => 0x00000160 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\ShellNoRoam |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => userenv |
FAILURE | 3221225781 | 1 time |
| 18:34:09,441 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetProfileType FunctionAddress => 0x77f96930 ModuleHandle => 0x00400000 |
FAILURE | 3221225785 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000164 Registry => 0x00000160 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegQueryValueExW |
Handle => 0x00000168 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000168 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegQueryValueExW |
Handle => 0x00000168 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegCloseKey |
Handle => 0x00000168 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x0000016a Registry => 0x000000e6 SubKey => CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000016a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x0000016e Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegCloseKey |
Handle => 0x0000016a |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x0000016a Registry => 0x0000016e SubKey => CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x0000016a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegQueryValueExW |
Handle => 0x00000172 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegCloseKey |
Handle => 0x00000172 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000016a SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000016a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegOpenKeyExW |
Handle => 0x00000172 Registry => 0x0000016a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegQueryValueExW |
Handle => 0x00000172 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegCloseKey | Handle => 0x00000172 | SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000016a SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000016a SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000016a SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000016a SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegOpenKeyExW | Handle => 0x00000172 Registry => 0x0000016e SubKey => CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} | SUCCESS | 0x00000000 | |
| 18:34:09,441 | 588 | RegQueryValueExW | Handle => 0x00000172 DataLength => 100 ValueName => AppID Type => 1300652 | FAILURE | 0x00000002 | |
| 18:34:09,441 | 588 | RegCloseKey | Handle => 0x00000172 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x0000016a | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegOpenKeyExW | Handle => 0x0000016a Registry => 0x0000016e SubKey => CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegOpenKeyExW | Handle => 0x00000172 Registry => 0x0000016a SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000172 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x00000172 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x0000016a | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegOpenKeyExW | Handle => 0x0000016a Registry => 0x80000000 SubKey => CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000016a SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x0000016a | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000164 Data => 5000 ValueName => BagMRU Size | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCreateKeyExW | Handle => 0x00000168 Access => 33554432 Registry => 0x00000164 Class => SubKey => BagMRU | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => MRUListEx | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => NodeSlots | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegSetValueExW | Handle => 0x00000168 Buffer => ValueName => NodeSlots Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | NtCreateMutant | Handle => 0x00000170 InitialOwner => 0 MutexName => Shell.CMruPidlList | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SHGetDesktopFolder FunctionAddress => 0x7c9eb768 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | LdrGetProcedureAddress | Ordinal => 19 FunctionName => FunctionAddress => 0x7c9eb064 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 DataLength => 22 ValueName => 2 Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => 2 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 DataLength => 22 ValueName => 3 Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 DataLength => 22 ValueName => 1 Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 DataLength => 22 ValueName => 0 Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => 0 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCreateKeyExW | Handle => 0x00000174 Access => 33554432 Registry => 0x00000168 Class => SubKey => 0 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => ValueName => MRUListEx | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegSetValueExW | Handle => 0x00000168 Buffer => ValueName => MRUListEx Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => 1 ValueName => NodeSlot | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | NtFreeVirtualMemory | FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00014000 BaseAddress => 0x0019a000 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCreateKeyExW | Handle => 0x00000174 Access => 33554432 Registry => 0x00000168 Class => SubKey => 0 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => ValueName => MRUListEx | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => 1 ValueName => NodeSlot | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | NtFreeVirtualMemory | FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00014000 BaseAddress => 0x0019a000 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x00000168 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | NtFreeVirtualMemory | FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00013000 BaseAddress => 0x00186000 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000164 SubKey => Bags\1\Shell | FAILURE | 0x00000002 | |
| 18:34:09,451 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x00000160 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegQueryValueExW | Handle => 0x00000164 Data => 5000 ValueName => BagMRU Size | SUCCESS | 0x00000000 | |
| 18:34:09,451 | 588 | RegCreateKeyExW | Handle => 0x00000168 Access => 33554432 Registry => 0x00000164 Class => SubKey => BagMRU | SUCCESS | 0x00000000 | |
| 18:34:09,461 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => MRUListEx | SUCCESS | 0x00000000 | |
| 18:34:09,461 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => NodeSlots | SUCCESS | 0x00000000 | |
| 18:34:09,461 | 588 | RegSetValueExW | Handle => 0x00000168 Buffer => ValueName => NodeSlots Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,461 | 588 | NtCreateMutant | Handle => 0x00000170 InitialOwner => 0 MutexName => Shell.CMruPidlList | SUCCESS | 0x00000000 | |
| 18:34:09,461 | 588 | RegQueryValueExW | Handle => 0x00000168 DataLength => 22 ValueName => 0 Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,461 | 588 | RegQueryValueExW | Handle => 0x00000168 Data => ValueName => 0 | SUCCESS | 0x00000000 | |
| 18:34:09,461 | 588 | RegCreateKeyExW | Handle => 0x00000174 Access => 33554432 Registry => 0x00000168 Class => SubKey => 0 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => ValueName => MRUListEx | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegSetValueExW | Handle => 0x00000168 Buffer => ValueName => MRUListEx Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => 1 ValueName => NodeSlot | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | NtFreeVirtualMemory | FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00014000 BaseAddress => 0x0019f000 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000168 DataLength => 4 ValueName => NodeSlot Type => 1301400 | FAILURE | 0x00000002 | |
| 18:34:09,471 | 588 | RegCreateKeyExW | Handle => 0x00000174 Access => 33554432 Registry => 0x00000168 Class => SubKey => 0 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => ValueName => MRUListEx | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000174 Data => 1 ValueName => NodeSlot | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | NtFreeVirtualMemory | FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00014000 BaseAddress => 0x0019f000 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegCloseKey | Handle => 0x00000168 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | NtFreeVirtualMemory | FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x0000f000 BaseAddress => 0x00186000 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000164 SubKey => Bags\1\Shell\Inherit | FAILURE | 0x00000002 | |
| 18:34:09,471 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x00000160 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000164 SubKey => Bags\AllFolders\Shell | FAILURE | 0x00000002 | |
| 18:34:09,471 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SHGetDataFromIDListW FunctionAddress => 0x7ca2aab9 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | LdrGetProcedureAddress | Ordinal => 102 FunctionName => FunctionAddress => 0x7c9ef5e2 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegOpenKeyExW | Handle => 0x00000166 Registry => 0x80000000 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000166 Data => 36 ValueName => Attributes | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000166 DataLength => 4 ValueName => CallForAttributes Type => 1298584 | FAILURE | 0x00000002 | |
| 18:34:09,471 | 588 | RegCloseKey | Handle => 0x00000166 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum | FAILURE | 0x00000002 | |
| 18:34:09,471 | 588 | RegOpenKeyExA | Handle => 0x00000164 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegQueryValueExW | Handle => 0x00000164 DataLength => 4 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} Type => 1298516 | FAILURE | 0x00000002 | |
| 18:34:09,471 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,471 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D} | FAILURE | 0x00000002 | |
| 18:34:09,471 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => StringFromGUID2 FunctionAddress => 0x774fde12 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegOpenKeyExA | Handle => 0x00000164 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\ShellFolder | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegQueryValueExW | Handle => 0x00000164 Data => 0 ValueName => Attributes | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | LdrGetProcedureAddress | Ordinal => 320 FunctionName => FunctionAddress => 0x773e0a75 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | LdrGetProcedureAddress | Ordinal => 324 FunctionName => FunctionAddress => 0x773e0c22 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | LdrGetProcedureAddress | Ordinal => 323 FunctionName => FunctionAddress => 0x773e0b17 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegOpenKeyExW | Handle => 0x00000166 Registry => 0x80000000 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegOpenKeyExA | Handle => 0x0000016a Registry => 0x00000166 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | LdrGetProcedureAddress | Ordinal => 388 FunctionName => FunctionAddress => 0x773e1535 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegCloseKey | Handle => 0x00000166 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegQueryValueExW | Handle => 0x0000016a DataLength => 2048 ValueName => {28636AA6-953D-11D2-B5D6-00C04FD918D0} 0 Type => 1296824 | FAILURE | 0x00000002 | |
| 18:34:09,481 | 588 | RegCloseKey | Handle => 0x0000016a | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegCreateKeyExW | Handle => 0x00000168 Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\Shell | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x00000168 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000164 SubKey => Bags\AllFolders\Shell | FAILURE | 0x00000002 | |
| 18:34:09,481 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => EXPLORER.EXE | FAILURE | 3221225781 | 1 time |
| 18:34:09,481 | 588 | LdrGetDllHandle | ModuleHandle => 0x00400000 FileName => IEXPLORE.EXE | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegQueryValueExW | Handle => 0x00000164 DataLength => 4 ValueName => StatusBarWeb Type => 1302124 | FAILURE | 0x00000002 | |
| 18:34:09,481 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | LdrGetProcedureAddress | Ordinal => 153 FunctionName => FunctionAddress => 0x7e2a590c ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | GetSystemMetrics | SystemMetricIndex => 67 | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegQueryValueExW | Handle => 0x00000164 Data => ValueName => Window_Placement | SUCCESS | 0x00000000 | |
| 18:34:09,481 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,491 | 588 | FindWindowExW | ClassName => 49350 WindowName => | SUCCESS | 0x000200c8 | |
| 18:34:09,491 | 588 | GetSystemMetrics | SystemMetricIndex => 4 | SUCCESS | 0x0000001a | |
| 18:34:09,491 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:09,491 | 588 | FindWindowExW | ClassName => 49350 WindowName => | FAILURE | 0x00000000 | |
| 18:34:09,491 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,491 | 588 | RegQueryValueExW | Handle => 0x00000164 DataLength => 4 ValueName => Window_Min_Width Type => 1302052 | FAILURE | 0x00000002 | |
| 18:34:09,491 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,491 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,491 | 588 | RegQueryValueExW | Handle => 0x00000164 DataLength => 4 ValueName => Window_Min_Height Type => 1302048 | FAILURE | 0x00000002 | |
| 18:34:09,491 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,491 | 588 | RegCreateKeyExW | Handle => 0x00000164 Access => 2 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,491 | 588 | RegSetValueExW | Handle => 0x00000164 Buffer => ValueName => Window_Placement Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK | FAILURE | 0x00000002 | |
| 18:34:09,501 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\IEAK | FAILURE | 0x00000002 | |
| 18:34:09,501 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:09,501 | 588 | RegOpenKeyExA | Handle => 0x00000164 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegQueryValueExW | Handle => 0x00000164 Data => 1 ValueName => Locked | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegCreateKeyExW | Handle => 0x00000164 Access => 2 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegSetValueExW | Handle => 0x00000164 Buffer => 1 ValueName => Locked Type => 4 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegOpenKeyExA | Handle => 0x00000164 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegQueryValueExW | Handle => 0x00000164 DataLength => 520 ValueName => Enable Browser Extensions Type => 1300356 | FAILURE | 0x00000002 | |
| 18:34:09,501 | 588 | RegOpenKeyExA | Handle => 0x00000170 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegQueryValueExW | Handle => 0x00000170 DataLength => 520 ValueName => Enable Browser Extensions Type => 1300356 | FAILURE | 0x00000002 | |
| 18:34:09,501 | 588 | RegCloseKey | Handle => 0x00000170 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | GetSystemMetrics | SystemMetricIndex => 67 | SUCCESS | 0x00000000 | |
| 18:34:09,501 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | RegEnumValueW | Index => 0 Handle => 0x00000164 DataLength => 0 ValueName => Type => 1301484 | FAILURE | 0x00000103 | |
| 18:34:09,511 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | RegCreateKeyExW | Handle => 0x00000164 Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | LdrGetProcedureAddress | Ordinal => 85 FunctionName => FunctionAddress => 0x7ca05abe ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | RegOpenKeyExA | Handle => 0x00000170 Registry => 0x00000164 SubKey => WebBrowser | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | RegQueryValueExA | Handle => 0x00000170 DataLength => 564 ValueName => ITBarLayout Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | RegQueryValueExA | Handle => 0x00000170 Data => ValueName => ITBarLayout | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | RegCloseKey | Handle => 0x00000170 | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:09,511 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c800000 FileName => KERNEL32 | SUCCESS | 0x00000000 | |
| 18:34:09,511 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetUserDefaultUILanguage FunctionAddress => 0x7c813100 ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrLoadDll | Flags => 1297800 BaseAddress => 0x5ad70000 FileName => UxTheme.dll | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => OpenThemeData FunctionAddress => 0x5ad773b8 ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetThemeMargins FunctionAddress => 0x5ad7b0d2 ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetThemeTextMetrics FunctionAddress => 0x5ad8b293 ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SetWindowTheme FunctionAddress => 0x5ad7b39e ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CloseThemeData FunctionAddress => 0x5ad74773 ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrGetProcedureAddress | Ordinal => 174 FunctionName => FunctionAddress => 0x7e2b7667 ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | NtOpenMutant | Handle => 0x00000164 MutexName => WininetStartupMutex | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrLoadDll | Flags => 1301552 BaseAddress => 0x771b0000 FileName => WININET.dll | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetQueryOptionA FunctionAddress => 0x771b7190 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:09,521 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => FromCacheTimeout Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,521 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => SecureProtocols Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,521 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => CertificateRevocation Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,521 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DisableKeepAlive Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,521 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DisablePassport Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,521 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => CacheMode Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,521 | 588 | RegOpenKeyExA | Handle => 0x00000164 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegQueryValueExA | Handle => 0x00000164 DataLength => 4 ValueName => Security_HKLM_only Type => 356 | FAILURE | 0x00000002 | |
| 18:34:09,531 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000164 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | FAILURE | 0x00000002 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000170 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000174 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegQueryValueExA | Handle => 0x00000164 DataLength => 4 ValueName => EnableHttp1_1 Type => 356 | FAILURE | 0x00000002 | |
| 18:34:09,531 | 588 | RegQueryValueExA | Handle => 0x00000174 Data => 1 ValueName => EnableHttp1_1 | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,531 | 588 | RegCloseKey | Handle => 0x00000170 | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000174 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegQueryValueExA | Handle => 0x00000174 DataLength => 4 ValueName => Security_HKLM_only Type => 372 | FAILURE | 0x00000002 | |
| 18:34:09,531 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000174 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | FAILURE | 0x00000002 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000170 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegOpenKeyExA | Handle => 0x00000164 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,531 | 588 | RegQueryValueExA | Handle => 0x00000174 DataLength => 4 ValueName => ProxyHttp1.1 Type => 372 | FAILURE | 0x00000002 | |
| 18:34:09,531 | 588 | RegQueryValueExA | Handle => 0x00000164 DataLength => 4 ValueName => ProxyHttp1.1 Type => 356 | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegQueryValueExA | Handle => 0x00000170 DataLength => 4 ValueName => ProxyHttp1.1 Type => 368 | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,541 | 588 | RegCloseKey | Handle => 0x00000170 | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | RegQueryValueExA | Handle => 0x00000044 Data => 1 ValueName => EnableNegotiate | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DisableBasicOverClearChannel Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegOpenKeyExW | Handle => 0x00000164 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | RegQueryValueExA | Handle => 0x00000164 DataLength => 4 ValueName => Feature_ClientAuthCertFilter Type => 356 | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegCloseKey | Handle => 0x00000164 | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | LdrLoadDll | Flags => 1301000 BaseAddress => 0x77fe0000 FileName => Secur32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetUserNameExA FunctionAddress => 0x77fe1dca ModuleHandle => 0x77fe0000 | SUCCESS | 0x00000000 | |
| 18:34:09,541 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => SyncMode5 Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,541 | 588 | RegOpenKeyExA | Handle => 0x00000170 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000170 DataLength => 4 ValueName => FixupKey Type => 368 | FAILURE | 0x00000002 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000170 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000170 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000170 DataLength => 4 ValueName => SessionStartTimeDefaultDeltaSecs Type => 368 | FAILURE | 0x00000002 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000170 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000170 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000174 Registry => 0x80000002 SubKey => System\Setup | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000174 Data => 0 ValueName => SystemSetupInProgress | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000174 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000174 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000178 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x0000017c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000180 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000180 Data => Client UrlCache MMF Ver 5.2\x00 ValueName => Signature | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000180 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000180 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000180 DataLength => 54 ValueName => Cache Type => 2 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000180 DataLength => 22 ValueName => Cookies Type => 2 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000180 DataLength => 37 ValueName => History Type => 2 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000180 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000180 Registry => 0x00000178 SubKey => Content | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000180 DataLength => 4 ValueName => PerUserItem Type => 384 | FAILURE | 0x00000002 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000184 Registry => 0x00000170 SubKey => Content | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000184 Data => 1 ValueName => PerUserItem | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000184 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000180 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000180 Registry => 0x00000178 SubKey => Content | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | LdrLoadDll | Flags => 1299092 BaseAddress => 0x7c9c0000 FileName => shell32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SHGetFolderPathA FunctionAddress => 0x7ca2ac11 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCreateKeyExW | Handle => 0x00000184 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExW | Handle => 0x00000184 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00o\x00r\x00a\x00r\x00y\x00 \x00I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => Cache | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000184 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCreateKeyExW | Handle => 0x00000184 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExW | Handle => 0x00000184 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00o\x00r\x00a\x00r\x00y\x00 \x00I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => Cache Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey | Handle => 0x00000184 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | NtOpenFile | ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files DesiredAccess => 0x00100100 FileHandle => 0x00000184 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | NtSetInformationFile | FileHandle => 0x00000184 FileInformation => | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000180 Data => \x00 ValueName => CachePrefix | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA | Handle => 0x00000180 Data => 327323 ValueName => CacheLimit | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000184 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000188 Registry => 0x00000184 SubKey => Paths | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x0000018c Registry => 0x00000188 SubKey => Path1 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000190 Registry => 0x00000188 SubKey => Path2 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x00000188 SubKey => Path3 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x00000188 SubKey => Path4 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA | Handle => 0x0000019c Registry => 0x00000184 SubKey => Special Paths | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA | Handle => 0x00000188 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\x00 ValueName => Directory Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA | Handle => 0x00000188 Buffer => 4 ValueName => Paths Type => 4 | SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x0000018c Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache1\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x00000190 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache2\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x00000194 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache3\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x00000198 Buffer => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\Cache4\x00 ValueName => CachePath Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x0000018c Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x00000190 Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x00000194 Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExA |
Handle => 0x00000198 Buffer => 81830 ValueName => CacheLimit Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000194 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000190 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x0000018c |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000188 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA |
Handle => 0x00000184 Registry => 0x00000178 SubKey => Cookies |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA |
Handle => 0x00000184 DataLength => 4 ValueName => PerUserItem Type => 388 |
FAILURE | 0x00000002 | |
| 18:34:09,551 | 588 | RegOpenKeyExA |
Handle => 0x0000019c Registry => 0x00000170 SubKey => Cookies |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA |
Handle => 0x0000019c Data => 1 ValueName => PerUserItem |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000180 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA |
Handle => 0x00000180 Registry => 0x00000178 SubKey => Cookies |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCreateKeyExW |
Handle => 0x00000184 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExW |
Handle => 0x00000184 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00C\x00o\x00o\x00k\x00i\x00e\x00s\x00\x00\x00 ValueName => Cookies |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCreateKeyExW |
Handle => 0x00000184 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExW |
Handle => 0x00000184 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00C\x00o\x00o\x00k\x00i\x00e\x00s\x00\x00\x00 ValueName => Cookies Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA |
Handle => 0x00000180 Data => Cookie:\x00 ValueName => CachePrefix |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA |
Handle => 0x00000180 Data => 8192 ValueName => CacheLimit |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA |
Handle => 0x00000184 Registry => 0x00000178 SubKey => History |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA |
Handle => 0x00000184 DataLength => 4 ValueName => PerUserItem Type => 388 |
FAILURE | 0x00000002 | |
| 18:34:09,551 | 588 | RegOpenKeyExA |
Handle => 0x0000019c Registry => 0x00000170 SubKey => History |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExA |
Handle => 0x0000019c Data => 1 ValueName => PerUserItem |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000180 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegOpenKeyExA |
Handle => 0x00000180 Registry => 0x00000178 SubKey => History |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCreateKeyExW |
Handle => 0x00000184 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegQueryValueExW |
Handle => 0x00000184 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00H\x00i\x00s\x00t\x00o\x00r\x00y\x00\x00\x00 ValueName => History |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCreateKeyExW |
Handle => 0x00000184 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegSetValueExW |
Handle => 0x00000184 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00H\x00i\x00s\x00t\x00o\x00r\x00y\x00\x00\x00 ValueName => History Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | RegCloseKey |
Handle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,551 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History DesiredAccess => 0x00100100 FileHandle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtSetInformationFile |
FileHandle => 0x00000184 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | RegQueryValueExA |
Handle => 0x00000180 Data => Visited:\x00 ValueName => CachePrefix |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | RegQueryValueExA |
Handle => 0x00000180 Data => 8192 ValueName => CacheLimit |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | RegCloseKey |
Handle => 0x00000180 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | RegCloseKey |
Handle => 0x0000017c |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | RegCloseKey |
Handle => 0x00000174 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | RegCloseKey |
Handle => 0x00000178 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | RegCloseKey |
Handle => 0x00000170 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenMutant |
Handle => 0x00000170 MutexName => _!MSFTHISTORY!_ |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenMutant |
Handle => 0x00000178 MutexName => c:!documents and settings!tdw!local settings!temporary internet files!content.ie5! |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetDiskFreeSpaceExA FunctionAddress => 0x7c83038b ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100001 FileHandle => 0x00000174 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenFile |
ShareAccess => 3 FileName => C:\ DesiredAccess => 0x00100001 FileHandle => 0x00000174 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x00000174 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtSetInformationFile |
FileHandle => 0x00000174 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000174 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtSetInformationFile |
FileHandle => 0x00000174 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000174 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenSection |
DesiredAccess => 0x00000002 ObjectAttributes => C:\ntdll SectionHandle => 0x0000017c |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013d8c0 SectionHandle => 0x0000017c ProcessHandle => 0xffffffff BaseAddress => 0x00c80000 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenMutant |
Handle => 0x00000180 MutexName => c:!documents and settings!tdw!cookies! |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Cookies\ DesiredAccess => 0x00100001 FileHandle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenFile |
ShareAccess => 3 FileName => C:\ DesiredAccess => 0x00100001 FileHandle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Cookies\ DesiredAccess => 0x00100100 FileHandle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtSetInformationFile |
FileHandle => 0x00000184 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Cookies\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtSetInformationFile |
FileHandle => 0x00000184 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtQueryInformationFile |
FileHandle => 0x00000184 FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Cookies\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x00000184 |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | NtOpenSection |
DesiredAccess => 0x00000002 ObjectAttributes => C:\C:_Documents and Settings_TDW_Cookies_index.dat_32768 SectionHandle => 0x0000019c |
SUCCESS | 0x00000000 | |
| 18:34:09,561 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013d8c0 SectionHandle => 0x0000019c ProcessHandle => 0xffffffff BaseAddress => 0x00cc0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtOpenMutant |
Handle => 0x00000188 MutexName => c:!documents and settings!tdw!local settings!history!history.ie5! |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtOpenFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\ DesiredAccess => 0x00100001 FileHandle => 0x0000018c |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtOpenFile |
ShareAccess => 3 FileName => C:\ DesiredAccess => 0x00100001 FileHandle => 0x0000018c |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x0000018c |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtSetInformationFile |
FileHandle => 0x0000018c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x0000018c |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtSetInformationFile |
FileHandle => 0x0000018c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\index.dat DesiredAccess => 0xc0100080 CreateDisposition => 3 FileHandle => 0x0000018c |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtOpenSection |
DesiredAccess => 0x00000002 ObjectAttributes => C:\C:_Documents and Settings_TDW_Local Settings_History_History.IE5_index.dat_32768 SectionHandle => 0x00000190 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013d8c0 SectionHandle => 0x00000190 ProcessHandle => 0xffffffff BaseAddress => 0x00cd0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\Content.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x00000194 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtSetInformationFile |
FileHandle => 0x00000194 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History\History.IE5\ DesiredAccess => 0x00100100 FileHandle => 0x00000194 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtSetInformationFile |
FileHandle => 0x00000194 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExA |
Handle => 0x00000194 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExA |
Handle => 0x00000198 Registry => 0x00000194 SubKey => Extensible Cache |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000194 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegEnumKeyExA |
Index => 0 Handle => 0x00000198 Name => MSHist012014062620140627 Class => |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExA |
Handle => 0x00000194 Registry => 0x00000198 SubKey => MSHist012014062620140627 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000194 Data => 0 ValueName => CacheRepair |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000194 Data => %USERPROFILE%\Local Settings\History\History.IE5\MSHist012014062620140627\\x00 ValueName => CachePath |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000194 Data => :2014062620140627: \x00 ValueName => CachePrefix |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000194 Data => 8192 ValueName => CacheLimit |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000194 Data => 11 ValueName => CacheOptions |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000194 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegEnumKeyExA |
Index => 1 Handle => 0x00000198 Name => MSHist012014062620140627 Class => |
FAILURE | 0x00000103 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,571 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExW |
Handle => 0x00000198 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000198 SubKey => FEATURE_AUTOPROXY_CACHE_ANAME_KB921400 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:09,571 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | 2 times |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExW |
Handle => 0x00000198 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000198 SubKey => FEATURE_TEMPORARYFILES_FOR_NOCACHE_840387 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExW |
Handle => 0x00000198 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000198 SubKey => FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExW |
Handle => 0x00000198 DataLength => 4 ValueName => Security_HKLM_only Type => 1300660 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000198 SubKey => RETRY_HEADERONLYPOST_ONCONNECTIONRESET |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExW |
Handle => 0x00000198 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000198 SubKey => FEATURE_CHUNK_TIMEOUT_KB914453 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExW |
Handle => 0x00000198 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000198 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000198 SubKey => FEATURE_CERT_TRUST_VERIFIED_KB936882 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:09,571 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExA |
Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000198 DataLength => 4 ValueName => DisableWorkerThreadHibernation Type => 408 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey |
Handle => 0x00000198 |
SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000044 DataLength => 4 ValueName => DisableWorkerThreadHibernation Type => 68 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000044 DataLength => 4 ValueName => DisableReadRange Type => 68 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000044 DataLength => 4 ValueName => SocketSendBufferLength Type => 68 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA |
Handle => 0x00000044 DataLength => 4 ValueName => SocketReceiveBufferLength Type => 68 |
FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => KeepAliveTimeout Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => MaxHttpRedirects Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => MaxConnectionsPerServer Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => MaxConnectionsPer1_0Server Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => ServerInfoTimeout Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => ReceiveTimeOut Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DisableNTLMPreAuth Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => ScavengeCacheLowerBound Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => CertCacheNoValidate Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => ScavengeCacheFileLifeTime Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => Security_HKLM_only Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache | SUCCESS | 0x00000000 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => ScavengeCacheFileLimit Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,571 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => ScavengeCacheFileLimit Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_BUFFERBREAKING_818408 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_ENSURE_FQDN_FOR_NEGOTIATE_KB899417 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_HTTP_DISABLE_NTLM_PREAUTH_IF_ABORTED_KB902409 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_WPAD_STORE_URL_AS_FQDN_KB903926 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_USE_CNAME_FOR_SPN_KB911149 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,581 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_KEEP_CACHE_INDEX_OPEN_KB899342 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_WAIT_TIME_THREAD_TERMINATE_KB886801 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW | Handle => 0x00000194 DataLength => 4 ValueName => Security_HKLM_only Type => 1300664 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000194 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000194 SubKey => FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => HttpDefaultExpiryTimeSecs Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => FtpDefaultExpiryTimeSecs Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => GopherDefaultExpiryTimeSecs Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DisableCachingOfSSLPages Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => PerUserCookies Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => LeashLegacyCookies Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DisableNT4RasCheck Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => DialupUseLanSettings Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => DialupUseLanSettings Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => SendExtraCRLF Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => BypassFtpTimeCheck Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => EnableGopher Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => ReleaseSocketDuringAuth Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => ReleaseSocketDuring401Auth Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => ReleaseSocketDuring401Auth Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => WpadSearchAllDomains Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => DisableLegacyPreAuthAsServer Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => DisableLegacyPreAuthAsServer Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => BypassHTTPNoCacheCheck Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => BypassHTTPNoCacheCheck Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => BypassSSLNoCacheCheck Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => BypassSSLNoCacheCheck Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => EnableHttpTrace Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => EnableHttpTrace Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => NoCheckAutodialOverRide Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000198 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000198 DataLength => 4 ValueName => NoCheckAutodialOverRide Type => 408 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000198 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => DontUseDNSLoadBalancing Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DontUseDNSLoadBalancing Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => NonBlockingClient32 Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x00000194 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000194 DataLength => 4 ValueName => ShareCredsWithWinHttp Type => 404 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x00000194 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 66 ValueName => MimeExclusionListForCache Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 Data => multipart/mixed multipart/x-mixed-replace multipart/x-byteranges \x00 ValueName => MimeExclusionListForCache | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 0 ValueName => HeaderExclusionListForCache Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DnsCacheEnabled Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DnsCacheEntries Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => DnsCacheTimeout Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 Data => ValueName => WarnOnPost | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => WarnAlwaysOnPost Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 Data => 0 ValueName => WarnOnZoneCrossing | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => WarnOnBadCertSending Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => WarnOnBadCertRecving Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => WarnOnPostRedirect Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => AlwaysDrainOnRedirect Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => WarnOnHTTPSToHTTPRedirect Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | NtOpenMutant | Handle => 0x00000194 MutexName => WininetStartupMutex | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => GlobalUserOffline Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | NtOpenMutant | Handle => 0x771b9318 MutexName => WininetConnectionMutex | FAILURE | 3221225524 | |
| 18:34:09,591 | 588 | NtCreateMutant | Handle => 0x000001a0 InitialOwner => 0 MutexName => WininetConnectionMutex | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | NtCreateMutant | Handle => 0x000001a4 InitialOwner => 0 MutexName => | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | NtOpenMutant | Handle => 0x000001a8 MutexName => WininetProxyRegistryMutex | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => EnableAutodial Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => rnaapp.exe | FAILURE | 3221225781 | 1 time |
| 18:34:09,591 | 588 | RegOpenKeyExA | Handle => 0x000001ac Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x000001ac DataLength => 11 ValueName => UrlEncoding Type => 1 | FAILURE | 0x000000ea | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x000001ac | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => TruncateFileName Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => BadProxyExpiresTime Type => 68 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | NtOpenKey | DesiredAccess => 2147483648 KeyHandle => 0x000001ac ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{5b4dae26-b807-11d0-9815-00c04fd91972}\InProcServer32 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | NtQueryValueKey | Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x000001ac ValueName => Type => 2 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c9c0000 FileName => SHELL32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x000001ac Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW | Handle => 0x000001ac Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x000001ac | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x000001ac Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW | Handle => 0x000001ac Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x000001ac | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x000001ae Registry => 0x000000e6 SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000001ae SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x000001b2 Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x000001ae | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x000001ae Registry => 0x000001b2 SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x000001b6 Registry => 0x000001ae SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW | Handle => 0x000001b6 DataLength => 1000 ValueName => InprocServer32 Type => 1567048 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x000001b6 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000001ae SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000001ae SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x000001b6 Registry => 0x000001ae SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW | Handle => 0x000001b6 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey | Handle => 0x000001b6 | SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000001ae SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000001ae SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000001ae SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001ae SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001b2 SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW |
Handle => 0x000001b6 DataLength => 100 ValueName => AppID Type => 1300888 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001ae |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b2 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b0 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW |
Handle => 0x000001b0 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b0 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b0 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW |
Handle => 0x000001b0 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b0 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b2 Registry => 0x000000e6 SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001ae Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b2 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b2 Registry => 0x000001ae SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001b2 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW |
Handle => 0x000001b6 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001b2 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW |
Handle => 0x000001b6 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001ae SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW |
Handle => 0x000001b6 DataLength => 100 ValueName => AppID Type => 1300804 |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b2 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b2 Registry => 0x000001ae SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001b2 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegQueryValueExW |
Handle => 0x000001b6 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b2 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x000001b2 Registry => 0x80000000 SubKey => CLSID\{5B4DAE26-B807-11D0-9815-00C04FD91972} |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b2 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,591 | 588 | RegCloseKey |
Handle => 0x000001b2 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | LdrLoadDll |
Flags => 1297664 BaseAddress => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x7c9f28b9 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x7ca2388d ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,591 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:09,601 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetThemeBackgroundExtent FunctionAddress => 0x5ad8b1ad ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | LdrLoadDll |
Flags => 1299264 BaseAddress => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInitialize FunctionAddress => 0x77502a53 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RegisterDragDrop FunctionAddress => 0x774ff62a ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | LdrGetProcedureAddress |
Ordinal => 410 FunctionName => FunctionAddress => 0x773e21ef ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x000001b0 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013db1c SectionHandle => 0x000001b0 ProcessHandle => 0xffffffff BaseAddress => 0x00ce0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013db3c SectionHandle => 0x000001b4 ProcessHandle => 0xffffffff BaseAddress => 0x00ce0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013db70 SectionHandle => 0x000001b0 ProcessHandle => 0xffffffff BaseAddress => 0x00ce0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | LdrGetProcedureAddress |
Ordinal => 413 FunctionName => FunctionAddress => 0x773e2036 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:09,601 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:09,601 | 588 | LdrLoadDll |
Flags => 1301400 BaseAddress => 0x5ad70000 FileName => UxTheme.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetWindowTheme FunctionAddress => 0x5ad7b39e ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | 1 time |
| 18:34:09,601 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoCreateInstance FunctionAddress => 0x7750057e ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,601 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001b4 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001b4 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000000e6 SubKey => CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91} |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b2 Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001b2 SubKey => CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91} |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001ba Registry => 0x000001b6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001ba DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001ba |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001ba Registry => 0x000001b6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001ba Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001ba |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001ba Registry => 0x000001b2 SubKey => CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91} |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001ba DataLength => 100 ValueName => AppID Type => 1299976 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001ba |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001b2 SubKey => CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91} |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001ba Registry => 0x000001b6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001ba Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001ba |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x80000000 SubKey => CLSID\{7EB5FBE4-2100-49E6-8593-17E130122F91} |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 520 ValueName => SmBrandBitmap Type => 1300272 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 520 ValueName => SmallBitmap Type => 1300272 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 520 ValueName => BrandBitmap Type => 1300272 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 520 ValueName => BigBitmap Type => 1300272 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:09,611 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:09,611 | 588 | LdrGetProcedureAddress |
Ordinal => 227 FunctionName => FunctionAddress => 0x7e2aeec7 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 4 ValueName => SmallIcons Type => 1301128 |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons |
FAILURE | 0x00000002 | |
| 18:34:09,611 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_Create FunctionAddress => 0x773e935b ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_AddMasked FunctionAddress => 0x773e537e ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | LdrGetDllHandle |
ModuleHandle => 0x77f10000 FileName => GDI32 |
SUCCESS | 0x00000000 | |
| 18:34:09,611 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetLayout FunctionAddress => 0x77f19008 ModuleHandle => 0x77f10000 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | LdrGetProcedureAddress |
Ordinal => 321 FunctionName => FunctionAddress => 0x773e0aa1 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | LdrGetProcedureAddress |
Ordinal => 320 FunctionName => FunctionAddress => 0x773e0a75 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | LdrGetProcedureAddress |
Ordinal => 324 FunctionName => FunctionAddress => 0x773e0c22 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:09,641 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,641 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 4 ValueName => NoneLegacyShellMode Type => 1300832 |
FAILURE | 0x00000002 | |
| 18:34:09,641 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,641 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 4 ValueName => SpecifyDefaultButtons Type => 1300836 |
FAILURE | 0x00000002 | |
| 18:34:09,641 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetThemeTextExtent FunctionAddress => 0x5ad72e63 ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:09,641 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:09,641 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar\WebBrowser |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 32 ValueName => {01E04581-4EEE-11D0-BFE9-00AA005B4383} Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegCreateKeyExW |
Handle => 0x000001b4 Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegOpenKeyExA |
Handle => 0x000001b8 Registry => 0x000001b4 SubKey => WebBrowser |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegQueryValueExA |
Handle => 0x000001b8 DataLength => 32 ValueName => {01E04581-4EEE-11D0-BFE9-00AA005B4383} Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegQueryValueExA |
Handle => 0x000001b8 Data => ValueName => {01E04581-4EEE-11D0-BFE9-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegCloseKey |
Handle => 0x000001b8 |
SUCCESS | 0x00000000 | |
| 18:34:09,641 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegQueryValueExW |
Handle => 0x000001b4 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegQueryValueExW |
Handle => 0x000001b4 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000000e6 SubKey => CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001ba Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001ba SubKey => CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x000001b6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegQueryValueExW |
Handle => 0x000001be DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x000001b6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegQueryValueExW |
Handle => 0x000001be Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00b\x00r\x00o\x00w\x00s\x00e\x00u\x00i\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x000001ba SubKey => CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegQueryValueExW |
Handle => 0x000001be DataLength => 100 ValueName => AppID Type => 1299236 |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001ba SubKey => CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x000001ba SubKey => CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x000001b6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegQueryValueExW |
Handle => 0x000001be Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x000001b6 Registry => 0x80000000 SubKey => CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b6 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,651 | 588 | RegCloseKey |
Handle => 0x000001b6 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | LdrLoadDll |
Flags => 1296012 BaseAddress => 0x75f80000 FileName => C:\WINDOWS\system32\browseui.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x75f831e4 ModuleHandle => 0x75f80000 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x75f8a2e9 ModuleHandle => 0x75f80000 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,651 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:09,651 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,651 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,651 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetThemeInt FunctionAddress => 0x5ad7459d ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:09,651 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | 2 times |
| 18:34:09,651 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,651 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | 3 times |
| 18:34:09,661 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegQueryValueExW |
Handle => 0x000001b4 DataLength => 64 ValueName => Tahoma Type => 1298284 |
FAILURE | 0x00000002 | |
| 18:34:09,661 | 588 | RegCloseKey |
Handle => 0x000001b4 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | 2 times |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | 1 time |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,661 | 588 | LdrGetProcedureAddress |
Ordinal => 323 FunctionName => FunctionAddress => 0x773e0b17 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetProcedureAddress |
Ordinal => 71 FunctionName => FunctionAddress => 0x7c9f3d09 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegOpenKeyExW |
Handle => 0x000001b4 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegOpenKeyExW |
Handle => 0x000001bc Registry => 0x000001b4 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegQueryValueExW |
Handle => 0x000001bc DataLength => 40 ValueName => Max Cached Icons Type => 1301372 |
FAILURE | 0x00000002 | |
| 18:34:09,661 | 588 | RegCloseKey |
Handle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:09,661 | 588 | RegOpenKeyExW |
Handle => 0x000001bc Registry => 0x80000001 SubKey => Control Panel\Desktop\WindowMetrics |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegQueryValueExW |
Handle => 0x000001bc Data => 3\x002\x00\x00\x00 ValueName => Shell Icon Size |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegCloseKey |
Handle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:09,661 | 588 | RegOpenKeyExW |
Handle => 0x000001bc Registry => 0x80000001 SubKey => Control Panel\Desktop\WindowMetrics |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegQueryValueExW |
Handle => 0x000001bc DataLength => 40 ValueName => Shell Small Icon Size Type => 1301352 |
FAILURE | 0x00000002 | |
| 18:34:09,661 | 588 | RegCloseKey |
Handle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:09,661 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:09,661 | 588 | RegOpenKeyExW |
Handle => 0x000001bc Registry => 0x80000001 SubKey => Control Panel\Desktop\WindowMetrics |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegQueryValueExW |
Handle => 0x000001bc Data => 1\x006\x00\x00\x00 ValueName => Shell Icon Bpp |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegCloseKey |
Handle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetUserDefaultUILanguage FunctionAddress => 0x7c813100 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_Create FunctionAddress => 0x773e935b ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_SetBkColor FunctionAddress => 0x773e5264 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b4 SubKey => Shell Icons |
FAILURE | 0x00000002 | |
| 18:34:09,661 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_GetImageCount FunctionAddress => 0x773e5150 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_ReplaceIcon FunctionAddress => 0x773e521d ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,661 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_SetOverlayImage FunctionAddress => 0x773e52eb ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\SHELL32.dll |
FAILURE | 3221225781 | |
| 18:34:09,671 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInitializeEx FunctionAddress => 0x774fef7b ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001bc Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegEnumKeyW |
Handle => 0x000001bc Name => Offline Files Index => 0 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001c0 Registry => 0x000001bc SubKey => Offline Files |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001c0 DataLength => 4 ValueName => SuppressionPolicy Type => 1297532 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001c0 Data => {\x007\x005\x000\x00f\x00d\x00f\x000\x00e\x00-\x002\x00a\x002\x006\x00-\x001\x001\x00d\x001\x00-\x00a\x003\x00e\x00a\x00-\x000\x008\x000\x000\x003\x006\x005\x008\x007\x00f\x000\x003\x00}\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001c0 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegEnumKeyW |
Handle => 0x000001bc Name => {750fdf0e-2a26-11d1-a3ea-080036587f03} Index => 1 |
FAILURE | 0x00000103 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x80000000 SubKey => CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001be Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00s\x00c\x00u\x00i\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001be DataLength => 0 ValueName => LoadWithoutCOM Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x000001bc ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | NtQueryValueKey |
Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00s\x00c\x00u\x00i\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x000001bc ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => cscui.dll |
FAILURE | 3221225781 | |
| 18:34:09,681 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\System32\cscui.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | NtOpenMutant |
Handle => 0x000001c0 MutexName => ShimCacheMutex |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | NtOpenSection |
DesiredAccess => 0x00000002 ObjectAttributes => C:\ShimSharedMemory SectionHandle => 0x000001c4 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013c614 SectionHandle => 0x000001c4 ProcessHandle => 0xffffffff BaseAddress => 0x00d20000 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | NtQueryInformationFile |
FileHandle => 0x000001bc FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\x00\xba\x9c\xe4|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\x10\x15\xd7EoI\xcd\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | NtQueryInformationFile |
FileHandle => 0x000001bc FileInformation => \x00\x00\x05\x00\x00\x00\x00\x00\x00\xfc\x04\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000000 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
FAILURE | 3221225524 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001bc Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001bc Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001bc Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001bc Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x000000e6 SubKey => CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001ca Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x000001ca SubKey => CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001ce Registry => 0x000001be SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001ce DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001ce |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001ce Registry => 0x000001be SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001ce Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00s\x00c\x00u\x00i\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001ce |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001ce Registry => 0x000001ca SubKey => CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001ce DataLength => 100 ValueName => AppID Type => 1295740 |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001ce |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x000001ca SubKey => CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001ce Registry => 0x000001be SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegQueryValueExW |
Handle => 0x000001ce Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001ce |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x000001be Registry => 0x80000000 SubKey => CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03} |
SUCCESS | 0x00000000 | |
| 18:34:09,681 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001be SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,681 | 588 | RegCloseKey |
Handle => 0x000001be |
SUCCESS | 0x00000000 | |
| 18:34:09,691 | 588 | LdrLoadDll |
Flags => 1292516 BaseAddress => 0x77a20000 FileName => C:\WINDOWS\System32\cscui.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,691 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x77a21d1d ModuleHandle => 0x77a20000 |
SUCCESS | 0x00000000 | |
| 18:34:09,691 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x77a2172d ModuleHandle => 0x77a20000 |
SUCCESS | 0x00000000 | |
| 18:34:09,691 | 588 | NtCreateFile |
ShareAccess => 3 FileName => shadow DesiredAccess => 0x001000a0 CreateDisposition => 1 FileHandle => 0x000001bc |
SUCCESS | 0x00000000 | |
| 18:34:09,691 | 588 | DeviceIoControl |
DeviceHandle => 0x000001bc OutBuffer => IoControlCode => 1314811 InBuffer => |
SUCCESS | 0x00000001 | |
| 18:34:09,691 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => EXPLORER.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:09,691 | 588 | LdrGetProcedureAddress |
Ordinal => 321 FunctionName => FunctionAddress => 0x773e0aa1 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,691 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoUninitialize FunctionAddress => 0x774fee46 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,691 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000001b4 SubKey => Shell Icons |
FAILURE | 0x00000002 | |
| 18:34:09,691 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,691 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:09,691 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,691 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | 2 times |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 86 |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | RegOpenKeyExA |
Handle => 0x000001d4 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | RegQueryValueExW |
Handle => 0x000001d4 DataLength => 520 ValueName => ShowGoButton Type => 1301124 |
FAILURE | 0x00000002 | |
| 18:34:09,701 | 588 | RegOpenKeyExA |
Handle => 0x000001d8 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | RegQueryValueExW |
Handle => 0x000001d8 DataLength => 520 ValueName => ShowGoButton Type => 1301124 |
FAILURE | 0x00000002 | |
| 18:34:09,701 | 588 | RegCloseKey |
Handle => 0x000001d8 |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | RegCloseKey |
Handle => 0x000001d4 |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_LoadImageW FunctionAddress => 0x773e9389 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,701 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:09,711 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,711 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,711 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | 2 times |
| 18:34:09,711 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:09,711 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:09,711 | 588 | LdrGetProcedureAddress |
Ordinal => 400 FunctionName => FunctionAddress => 0x773d45fd ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegCreateKeyExW |
Handle => 0x000001d4 Access => 131103 Registry => 0x80000001 Class => Shell SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001d4 Data => a\x00\x00\x00 ValueName => MRUList |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001d4 DataLength => 12 ValueName => a Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001d4 Data => c\x00m\x00d\x00\\x001\x00\x00\x00 ValueName => a |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | LdrGetProcedureAddress |
Ordinal => 403 FunctionName => FunctionAddress => 0x773d4d60 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegCreateKeyExW |
Handle => 0x000001d8 Access => 131097 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\TypedURLs |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | LdrGetProcedureAddress |
Ordinal => 410 FunctionName => FunctionAddress => 0x773e21ef ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x000001dc Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 520 ValueName => ListviewScrollOver Type => 1294200 |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x000001e0 Registry => 0x80000002 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001e0 DataLength => 520 ValueName => ListviewScrollOver Type => 1294200 |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001e0 |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x000001dc Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc Data => 1 ValueName => ListviewWatermark |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x000001dc Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc Data => 1 ValueName => ListviewAlphaSelect |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExA |
Handle => 0x000001dc Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc Data => 1 ValueName => ListviewShadow |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExW |
Handle => 0x000001dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 4 ValueName => UseDoubleClickTimer Type => 1294764 |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExW |
Handle => 0x000001dc Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 64 ValueName => Tahoma Type => 1294408 |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | 1 time |
| 18:34:09,711 | 588 | RegOpenKeyExW |
Handle => 0x000001dc Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 64 ValueName => Tahoma Type => 1294004 |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExW |
Handle => 0x000001dc Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 64 ValueName => Tahoma Type => 1292400 |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegOpenKeyExW |
Handle => 0x000001dc Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes |
SUCCESS | 0x00000000 | |
| 18:34:09,711 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 64 ValueName => Tahoma Type => 1294100 |
FAILURE | 0x00000002 | |
| 18:34:09,711 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrLoadDll |
Flags => 1298140 BaseAddress => 0x5ad70000 FileName => UxTheme.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetWindowTheme FunctionAddress => 0x5ad7b39e ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | 1 time |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 3 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 3 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 3 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 413 FunctionName => FunctionAddress => 0x773e2036 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 3 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 3 |
SUCCESS | 0x00000011 | |
| 18:34:09,721 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 328 FunctionName => FunctionAddress => 0x773e1559 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 339 FunctionName => FunctionAddress => 0x773e138c ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 18 FunctionName => FunctionAddress => 0x7c9eadf5 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 334 FunctionName => FunctionAddress => 0x773e0f5a ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetSpecialFolderLocation FunctionAddress => 0x7c9ef2e3 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 219 FunctionName => FunctionAddress => 0x7e2b2640 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 152 FunctionName => FunctionAddress => 0x7c9ead90 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 21 FunctionName => FunctionAddress => 0x7c9f120f ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetSpecialFolderLocation FunctionAddress => 0x7c9ef2e3 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateBindCtx FunctionAddress => 0x774fe54c ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:09,721 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,721 | 588 | RegOpenKeyExW |
Handle => 0x000001dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 4 ValueName => NoControlPanel Type => 1294364 |
FAILURE | 0x00000002 | |
| 18:34:09,721 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,721 | 588 | RegOpenKeyExW |
Handle => 0x000001dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | RegQueryValueExW |
Handle => 0x000001dc DataLength => 4 ValueName => NoSetFolders Type => 1294364 |
FAILURE | 0x00000002 | |
| 18:34:09,721 | 588 | RegCloseKey |
Handle => 0x000001dc |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | RegOpenKeyExA |
Handle => 0x000001de Registry => 0x80000000 SubKey => CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | RegQueryValueExW |
Handle => 0x000001de Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrLoadDll |
Flags => 1294944 BaseAddress => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | RegCloseKey |
Handle => 0x000001de |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 328 FunctionName => FunctionAddress => 0x773e1559 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrLoadDll |
Flags => 1295736 BaseAddress => 0x77920000 FileName => SETUPAPI.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,721 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CM_Get_Device_Interface_List_Size_ExW FunctionAddress => 0x77929025 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:09,731 | 588 | LookupPrivilegeValueW |
SystemName => PrivilegeName => SeLoadDriverPrivilege |
SUCCESS | 0x00000001 | |
| 18:34:09,731 | 588 | LookupPrivilegeValueW |
SystemName => PrivilegeName => SeUndockPrivilege |
SUCCESS | 0x00000001 | |
| 18:34:09,731 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CM_Get_Device_Interface_List_ExW FunctionAddress => 0x7792a15c ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:09,731 | 588 | NtOpenFile |
ShareAccess => 3 FileName => IDE#CdRomVBOX_CD-ROM_____________________________1.0_____#42562d3231303037333036372020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} DesiredAccess => 0x00100080 FileHandle => 0x00000208 |
SUCCESS | 0x00000000 | 1 time |
| 18:34:09,731 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x1c\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00C\x00d\x00R\x00o\x00m\x000\x00 IoControlCode => 5046280 InBuffer => |
SUCCESS | 0x00000001 | |
| 18:34:09,731 | 588 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \x00\x00\x00\x00\\xc3\x13\x00x \x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\xb4\xc3\x13\x00\xbc\xc5\x13\x00\xbc\xc5\x13\x00\x1c\xc2\x13\x00\x18\x00\x00\x00\x00\x00\x00\x00@\xc1\x13\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb0\xe1\x18\x00x\xd8\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00 |
FAILURE | 3221225508 | |
| 18:34:09,731 | 588 | NtCreateFile | ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,731 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \xea\x01\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x1c\x00\x00\x00\\x00D\x00e\x00v\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x1c\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00C\x00d\x00R\x00o\x00m\x000\x00 |
FAILURE | 0x00000000 | |
| 18:34:09,731 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \xea\x01\x00\x00\x02\x00\x00\x00n\x01\x00\x00`\x00\x00\x008\x00\x00\x00\x1a\x01\x00\x00R\x01\x00\x00\x1c\x00v\x00\xce\x01\x00\x00\x1c\x00\\x008\x00\x00\x00\x1a\x01o\x00R\x01\x00\x00\x1c\x00\x00\x00\\x00?\x00?\x00\\x00I\x00D\x00E\x00#\x00C\x00d\x00R\x00o\x00m\x00V\x00B\x00O\x00X\x00_\x00C\x00D\x00-\x00R\x00O\x00M\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x00_\x001\x00.\x000\x00_\x00_\x00_\x00_\x00_\x00#\x004\x002\x005\x006\x002\x00d\x003\x002\x003\x001\x003\x000\x003\x000\x003\x007\x003\x003\x003\x000\x003\x006\x003\x007\x002\x000\x002\x000\x002\x000\x002\x000\x002\x000\x002\x000\x002\x000\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x1c\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00C\x00d\x00R\x00o\x00m\x000\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,741 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x00000208 SubKey => {e6c716a0-b561-11e1-9849-806d6172696f}\ | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegQueryValueExW | Handle => 0x0000020c Data => ValueName => Data | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x0000020c SubKey => {e6c716a0-b561-11e1-9849-806d6172696f}\ | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegQueryValueExW | Handle => 0x00000208 Data => 1 ValueName => Generation | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | LdrGetProcedureAddress | Ordinal => 334 FunctionName => FunctionAddress => 0x773e0f5a ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | NtOpenFile | ShareAccess => 3 FileName => STORAGE#Volume#1&30a96598&0&SignatureC7EDC7EDOffset7E00Length27F4DB200#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} DesiredAccess => 0x00100080 FileHandle => 0x00000208 | SUCCESS | 0x00000000 | 1 time |
| 18:34:09,741 | 588 | DeviceIoControl | DeviceHandle => 0x00000208 OutBuffer => .\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00 IoControlCode => 5046280 InBuffer => | SUCCESS | 0x00000001 | |
| 18:34:09,741 | 588 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \x00\x00\x00\x00\\xc3\x13\x00x \x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\xb4\xc3\x13\x00\xbc\xc5\x13\x00\xbc\xc5\x13\x00S\x00o\x00\x18\x00\x00\x00\x00\x00\x00\x00@\xc1\x13\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd8\xff\x18\x00\x90\xf1\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00 |
FAILURE | 3221225508 | |
| 18:34:09,741 | 588 | NtCreateFile | ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,741 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \xee\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00.\x00\x00\x00\\x00D\x00e\x00v\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00.\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00 |
FAILURE | 0x00000000 | |
| 18:34:09,741 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \xee\x00\x00\x00\x02\x00\x00\x00r\x00\x00\x00`\x00\x00\x008\x00\x00\x00\x0c\x00\x00\x00D\x00\x00\x00.\x00v\x00\xd2\x00\x00\x00\x1c\x00\\x008\x00\x00\x00\x0c\x00d\x00D\x00\x00\x00.\x00k\x00\xed\xc7\xed\xc7\x00~\x00\x00\x00\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\\x00D\x00o\x00s\x00D\x00e\x00v\x00i\x00c\x00e\x00s\x00\\x00C\x00:\x00 IoControlCode => 7143432 InBuffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00.\x00\x00\x00\\x00D\x00e\x00v\x00i\x00c\x00e\x00\\x00H\x00a\x00r\x00d\x00d\x00i\x00s\x00k\x00V\x00o\x00l\x00u\x00m\x00e\x001\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,751 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x00000208 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegQueryValueExW | Handle => 0x0000020c Data => ValueName => Data | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x0000020c SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegQueryValueExW | Handle => 0x00000208 Data => 1 ValueName => Generation | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | LdrGetProcedureAddress | Ordinal => 332 FunctionName => FunctionAddress => 0x773e0df4 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | NtQueryInformationFile | FileHandle => 0xffffffff FileInformation => | FAILURE | 3221225508 | |
| 18:34:09,751 | 588 | NtCreateFile | ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 18:34:09,751 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00C\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,751 | 588 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \xbb\x01\x91|\\xc6\x13\x00\x7f\x0e\x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xffH\x0b\x19\x00\xfc\x0c\x82|8\x0c\x19\x00b\x00d\x00\xb0\x0b\x19\x00\x0c\xe0\x13\x00\xc0\x9a\x83|\x98\xc6\x13\x00\x18\x0e\xa0|\xb0\x0b\x19\x008\x0c\x19\x00\x05\x00\x00\x00\x90\xc6\x13\x00\x00\x00\x00\x00.\x93\x80|\x00\x00\x00\x00\x08\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00h\x15>w\x05\x00\x00\x00|}\x00\x00\xb0\xc6\x13\x00\x8e\x0c\xa0|\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xd0\xc6\x13\x00Y\x0b\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x05@\x00\x80\\x00\x00\x00|}\x00\x00|}\x00\x00\xf8\xc6\x13\x00%\x0c\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x00\x00\x00\x00\x0c\xe0\x13\x00\xdcF_w\xc8\xd4Ow\xff\xff\xff\xff|}\x00\x00\x14\xc7\x13\x00\xba\xa0\x9e|\x02\x00\x00\x00\x00\x00\x00\x00\xb8\xee\x19\x00\x03\x00\x07\x80|\xc7\x13\x00H\xc7\x13\x00 |
FAILURE | 3221225508 | |
| 18:34:09,751 | 588 | NtCreateFile | ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,751 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 18:34:09,751 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00C\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x002\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,761 | 588 | RegCreateKeyExW | Handle => 0x00000208 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a2-b561-11e1-9849-806d6172696f}\ | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegSetValueExW | Handle => 0x00000208 Buffer => D\x00r\x00i\x00v\x00e\x00\x00\x00 ValueName => BaseClass Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => @\x00\x91|\\xc6\x13\x00\x7f\x0e\x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\xb0\xfe\x18\x00\xfc\x0c\x82|8\x0c\x19\x00b\x00d\x00\x18\xff\x18\x008\x0c\x19\x00\x0c\xe0\x13\x00\x98\xc6\x13\x00\xde \xa0|\x18\xff\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90\xc6\x13\x00\x00\x00\x00\x00.\x93\x80|\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x15>w\x05\x00\x00\x00|}\x00\x00\xb0\xc6\x13\x00\x8e\x0c\xa0|\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xd0\xc6\x13\x00Y\x0b\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x05@\x00\x80\\x00\x00\x00|}\x00\x00|}\x00\x00\xf8\xc6\x13\x00%\x0c\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x00\x00\x00\x00\x0c\xe0\x13\x00\xdcF_w\xc8\xd4Ow\xff\xff\xff\xff|}\x00\x00\x14\xc7\x13\x00\xba\xa0\x9e|\x02\x00\x00\x00\x00\x00\x00\x00\xb8\xee\x19\x00\x03\x00\x07\x80|\xc7\x13\x00H\xc7\x13\x00 |
FAILURE | 3221225508 | |
| 18:34:09,761 | 588 | NtCreateFile | ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 18:34:09,761 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00D\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,761 | 588 | NtQueryInformationFile |
FileHandle => 0xffffffff FileInformation => \xbb\x01\x91|\\xc6\x13\x00\x7f\x0e\x82|<\xfc\x81|\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x80\x00\x00\x00\xff\xff\xff\xff\xb0\xfe\x18\x00\xfc\x0c\x82|8\x0c\x19\x00b\x00d\x00\x18\xff\x18\x00\x0c\xe0\x13\x00\xc0\x9a\x83|\x98\xc6\x13\x00\x18\x0e\xa0|\x18\xff\x18\x008\x0c\x19\x00\x05\x00\x00\x00\x90\xc6\x13\x00\x00\x00\x00\x00.\x93\x80|\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00h\x15>w\x05\x00\x00\x00|}\x00\x00\xb0\xc6\x13\x00\x8e\x0c\xa0|\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\xd0\xc6\x13\x00Y\x0b\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x05@\x00\x80\\x00\x00\x00|}\x00\x00|}\x00\x00\xf8\xc6\x13\x00%\x0c\xa0|\x00\x00\x00\x00\xa8\xf5\xbc|\x00\x00\x00\x00\x0c\xe0\x13\x00\xdcF_w\xc8\xd4Ow\xff\xff\xff\xff|}\x00\x00\x14\xc7\x13\x00\xba\xa0\x9e|\x02\x00\x00\x00\x00\x00\x00\x00\xb8\xee\x19\x00\x03\x00\x07\x80|\xc7\x13\x00H\xc7\x13\x00 |
FAILURE | 3221225508 | |
| 18:34:09,761 | 588 | NtCreateFile | ShareAccess => 3 FileName => MountPointManager DesiredAccess => 0x00100080 CreateDisposition => 1 FileHandle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
FAILURE | 0x00000000 | |
| 18:34:09,761 | 588 | DeviceIoControl |
DeviceHandle => 0x00000208 OutBuffer => \x08\x00\x00\x00D\x00:\x00\x00\x00\x00\x00 IoControlCode => 7143476 InBuffer => `\x00\\x00?\x00?\x00\\x00V\x00o\x00l\x00u\x00m\x00e\x00{\x00e\x006\x00c\x007\x001\x006\x00a\x000\x00-\x00b\x005\x006\x001\x00-\x001\x001\x00e\x001\x00-\x009\x008\x004\x009\x00-\x008\x000\x006\x00d\x006\x001\x007\x002\x006\x009\x006\x00f\x00}\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000001 | |
| 18:34:09,761 | 588 | RegCreateKeyExW | Handle => 0x00000208 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6c716a0-b561-11e1-9849-806d6172696f}\ | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegSetValueExW | Handle => 0x00000208 Buffer => D\x00r\x00i\x00v\x00e\x00\x00\x00 ValueName => BaseClass Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x00000208 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegQueryValueExW | Handle => 0x0000020c Data => 1 ValueName => Generation | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | FindFirstFileExW | FileName => C:\Documents and Settings | SUCCESS | 0x0018ffa0 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x0000020e Registry => 0x80000000 SubKey => Directory | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => CurVer | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x0000020a Registry => 0x0000020e SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegCloseKey | Handle => 0x0000020e | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020a SubKey => ShellEx\IconHandler | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegQueryValueExW | Handle => 0x0000020a DataLength => 0 ValueName => DocObject Type => 0 | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegQueryValueExW | Handle => 0x0000020a DataLength => 0 ValueName => BrowseInPlace Type => 0 | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020a SubKey => Clsid | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x0000020e Registry => 0x80000000 SubKey => Folder | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => Clsid | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegQueryValueExW | Handle => 0x0000020a DataLength => 0 ValueName => IsShortcut Type => 0 | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegQueryValueExW | Handle => 0x0000020a DataLength => 2 ValueName => AlwaysShowExt Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegQueryValueExW | Handle => 0x0000020a DataLength => 0 ValueName => NeverShowExt Type => 0 | FAILURE | 0x00000002 | |
| 18:34:09,761 | 588 | RegCloseKey | Handle => 0x0000020a | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | RegCloseKey | Handle => 0x0000020e | SUCCESS | 0x00000000 | |
| 18:34:09,761 | 588 | FindFirstFileExW | FileName => C:\Documents and Settings\TDW | SUCCESS | 0x0018ffa0 | |
| 18:34:09,761 | 588 | FindFirstFileExW | FileName => C:\Documents and Settings\TDW\Favorites | SUCCESS | 0x0018ffa0 | |
| 18:34:09,771 | 588 | LdrGetProcedureAddress | Ordinal => 66 FunctionName => FunctionAddress => 0x7c9f063c ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | LdrGetProcedureAddress | Ordinal => 100 FunctionName => FunctionAddress => 0x7c9ec059 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,771 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | RegQueryValueExW | Handle => 0x0000020c DataLength => 4 ValueName => UseDesktopIniCache Type => 1288684 | FAILURE | 0x00000002 | |
| 18:34:09,771 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtOpenFile | ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Favorites\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtQueryInformationFile | FileHandle => 0x0000020c FileInformation => \x80\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-173
LocalizedResourceName=@shell32.dll,-12693
FileHandle => 0x0000020c |
SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtFreeVirtualMemory | FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtOpenFile | ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Favorites\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtQueryInformationFile | FileHandle => 0x0000020c FileInformation => \x80\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-173
LocalizedResourceName=@shell32.dll,-12693
FileHandle => 0x0000020c |
SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtFreeVirtualMemory | FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtOpenFile | ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Favorites\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtQueryInformationFile | FileHandle => 0x0000020c FileInformation => \x80\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-173
LocalizedResourceName=@shell32.dll,-12693
FileHandle => 0x0000020c |
SUCCESS | 0x00000000 | |
| 18:34:09,771 | 588 | NtFreeVirtualMemory | FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | 1 time |
| 18:34:09,781 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions | FAILURE | 0x00000002 | |
| 18:34:09,781 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions | FAILURE | 0x00000002 | |
| 18:34:09,781 | 588 | RegOpenKeyExA | Handle => 0x0000020c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegQueryValueExW | Handle => 0x0000020c DataLength => 520 ValueName => QuickLinksCLSID Type => 1301252 | FAILURE | 0x00000002 | |
| 18:34:09,781 | 588 | RegOpenKeyExA | Handle => 0x00000208 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegQueryValueExW | Handle => 0x00000208 DataLength => 520 ValueName => QuickLinksCLSID Type => 1301252 | FAILURE | 0x00000002 | |
| 18:34:09,781 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegQueryValueExW | Handle => 0x0000020c DataLength => 549 ValueName => {0E5CBF21-D15F-11D0-8301-00AA005B4383} Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegCreateKeyExW | Handle => 0x0000020c Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegOpenKeyExA | Handle => 0x00000208 Registry => 0x0000020c SubKey => WebBrowser | SUCCESS | 0x00000000 | |
| 18:34:09,781 | 588 | RegQueryValueExA | Handle => 0x00000208 DataLength => 549 ValueName => {0E5CBF21-D15F-11D0-8301-00AA005B4383} Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExA | Handle => 0x00000208 Data => ValueName => {0E5CBF21-D15F-11D0-8301-00AA005B4383} | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW | Handle => 0x0000020c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x0000020c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW | Handle => 0x0000020c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x0000020c | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x0000020e Registry => 0x000000e6 SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x0000020a Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x0000020e | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x0000020e Registry => 0x0000020a SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000212 Registry => 0x0000020e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW | Handle => 0x00000212 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x00000212 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000212 Registry => 0x0000020e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW | Handle => 0x00000212 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x00000212 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020e SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000212 Registry => 0x0000020a SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW | Handle => 0x00000212 DataLength => 100 ValueName => AppID Type => 1299220 | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x00000212 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x0000020e | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x0000020a | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW | Handle => 0x00000208 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW | Handle => 0x00000208 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey | Handle => 0x00000208 | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x0000020a Registry => 0x000000e6 SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000020a SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:09,791 | 588 | RegOpenKeyExW | Handle => 0x0000020e Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x0000020e SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegOpenKeyExW |
Handle => 0x00000212 Registry => 0x0000020a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,791 | 588 | RegQueryValueExW |
Handle => 0x00000212 DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x00000212 |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000212 Registry => 0x0000020a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegQueryValueExW |
Handle => 0x00000212 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x00000212 |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000212 Registry => 0x0000020e SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegQueryValueExW |
Handle => 0x00000212 DataLength => 100 ValueName => AppID Type => 1299136 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x00000212 |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x0000020e SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x0000020e SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000212 Registry => 0x0000020a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegQueryValueExW |
Handle => 0x00000212 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x00000212 |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x80000000 SubKey => CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383} |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegOpenKeyExA |
Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegQueryValueExW |
Handle => 0x00000208 DataLength => 520 ValueName => CascadeFolderBands Type => 1296200 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegOpenKeyExA |
Handle => 0x00000210 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegQueryValueExW |
Handle => 0x00000210 DataLength => 520 ValueName => CascadeFolderBands Type => 1296200 |
FAILURE | 0x00000002 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x00000210 |
SUCCESS | 0x00000000 | |
| 18:34:09,801 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000208 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000208 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x000000e6 SubKey => CLSID\{00021401-0000-0000-C000-000000000046} |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000212 Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x00000212 SubKey => CLSID\{00021401-0000-0000-C000-000000000046} |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000216 Registry => 0x0000020a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000216 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000216 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000216 Registry => 0x0000020a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000216 Data => s\x00h\x00e\x00l\x00l\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000216 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000216 Registry => 0x00000212 SubKey => CLSID\{00021401-0000-0000-C000-000000000046} |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000216 DataLength => 100 ValueName => AppID Type => 1299104 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000216 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x00000212 SubKey => CLSID\{00021401-0000-0000-C000-000000000046} |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000216 Registry => 0x0000020a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000216 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000216 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x80000000 SubKey => CLSID\{00021401-0000-0000-C000-000000000046} |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000020a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrLoadDll |
Flags => 1295880 BaseAddress => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x7c9f28b9 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x7ca2388d ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000214 DataLength => 4 ValueName => NormalizeLinkNetPidls Type => 1298724 |
FAILURE | 0x00000002 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrLoadDll |
Flags => 1299808 BaseAddress => 0x7e290000 FileName => SHDOCVW.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 146 FunctionName => FunctionAddress => 0x7e2a5baa ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 17 FunctionName => FunctionAddress => 0x7c9ec1b7 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 16 FunctionName => FunctionAddress => 0x7c9ec97c ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000208 Data => L\x00i\x00n\x00k\x00s\x00\x00\x00 ValueName => LinksFolderName |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 222 FunctionName => FunctionAddress => 0x7e2b217b ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateBindCtx FunctionAddress => 0x774fe54c ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHParseDisplayName FunctionAddress => 0x7c9edb70 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000214 Registry => 0x00000208 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x00000214 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x00000216 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegEnumKeyW |
Handle => 0x00000216 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegQueryValueExW |
Handle => 0x0000020a Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | RegEnumKeyW |
Handle => 0x00000216 Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 18:34:09,821 | 588 | RegCloseKey |
Handle => 0x00000216 |
SUCCESS | 0x00000000 | |
| 18:34:09,821 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x00190ec8 | |
| 18:34:09,821 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x00190ec8 | |
| 18:34:09,821 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Favorites |
SUCCESS | 0x00190ec8 | |
| 18:34:09,831 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Favorites\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtQueryInformationFile |
FileHandle => 0x00000214 FileInformation => \x80\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-173
LocalizedResourceName=@shell32.dll,-12693
FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Favorites\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtQueryInformationFile |
FileHandle => 0x00000214 FileInformation => \x80\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-173
LocalizedResourceName=@shell32.dll,-12693
FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Favorites\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtQueryInformationFile |
FileHandle => 0x00000214 FileInformation => \x80\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-173
LocalizedResourceName=@shell32.dll,-12693
FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Favorites\Links |
SUCCESS | 0x00190ec8 | |
| 18:34:09,831 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Favorites\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtQueryInformationFile |
FileHandle => 0x00000214 FileInformation => \x80\x00\x00\x00\x00\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
IconFile=%SystemRoot%\system32\SHELL32.dll
IconIndex=-173
LocalizedResourceName=@shell32.dll,-12693
FileHandle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | RegOpenKeyExW |
Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x00000214 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | RegCloseKey |
Handle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | RegQueryValueExW |
Handle => 0x00000208 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:09,831 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x0018ffa0 | |
| 18:34:09,841 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x0018ffa0 | |
| 18:34:09,841 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x0018ffa0 | |
| 18:34:09,841 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files |
SUCCESS | 0x0018ffa0 | |
| 18:34:09,841 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtQueryInformationFile |
FileHandle => 0x00000208 FileInformation => H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
FileHandle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtQueryInformationFile |
FileHandle => 0x00000208 FileInformation => H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
FileHandle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\Temporary Internet Files\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtQueryInformationFile |
FileHandle => 0x00000208 FileInformation => H\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
FileHandle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x00f50000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegOpenKeyExW |
Handle => 0x0000020a Registry => 0x80000000 SubKey => CLSID\{7BD29E01-76C1-11CF-9DD0-00A0C9034933} |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegCloseKey |
Handle => 0x0000020a |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:09,841 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegQueryValueExW |
Handle => 0x00000208 DataLength => 4 ValueName => CompareJunctionness Type => 1297656 |
FAILURE | 0x00000002 | |
| 18:34:09,841 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegQueryValueExW |
Handle => 0x00000208 DataLength => 0 ValueName => SaveLinksOrder Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:09,841 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | LdrGetProcedureAddress |
Ordinal => 139 FunctionName => FunctionAddress => 0x7e346829 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetSpecialFolderLocation FunctionAddress => 0x7c9ef2e3 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | LdrGetProcedureAddress |
Ordinal => 24 FunctionName => FunctionAddress => 0x7c9f14ec ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | LdrGetProcedureAddress |
Ordinal => 153 FunctionName => FunctionAddress => 0x7ca3446f ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegCreateKeyExW |
Handle => 0x00000208 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegQueryValueExW |
Handle => 0x00000208 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | LdrGetProcedureAddress |
Ordinal => 153 FunctionName => FunctionAddress => 0x7ca3446f ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegOpenKeyExA |
Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegQueryValueExA |
Handle => 0x00000208 DataLength => 520 ValueName => Order Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegQueryValueExA |
Handle => 0x00000208 Data => ValueName => Order |
SUCCESS | 0x00000000 | |
| 18:34:09,841 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,861 | 588 | LdrGetProcedureAddress |
Ordinal => 9 FunctionName => FunctionAddress => 0x773e15dd ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:09,871 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:09,871 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:09,871 | 588 | RegCreateKeyExW |
Handle => 0x00000208 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | RegQueryValueExW |
Handle => 0x00000208 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | RegCreateKeyExW |
Handle => 0x00000208 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | RegSetValueExW |
Handle => 0x00000208 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => HIMAGELIST_QueryInterface FunctionAddress => 0x773e30cb ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_GetIconSize FunctionAddress => 0x773e5660 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:09,871 | 588 | GetSystemMetrics |
SystemMetricIndex => 57 |
SUCCESS | 0x000000a0 | |
| 18:34:09,871 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:09,871 | 588 | RegOpenKeyExW |
Handle => 0x00000208 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | RegQueryValueExW |
Handle => 0x00000208 Data => L\x00i\x00n\x00k\x00s\x00\x00\x00 ValueName => LinksFolderName |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | RegCloseKey |
Handle => 0x00000208 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrLoadDll |
Flags => 1297736 BaseAddress => 0x77120000 FileName => OLEAUT32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 8 FunctionName => FunctionAddress => 0x77124950 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 411 FunctionName => FunctionAddress => 0x771251e9 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoCreateInstanceEx FunctionAddress => 0x77500526 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrLoadDll |
Flags => 1297696 BaseAddress => 0x77120000 FileName => oleaut32.dll |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 17 FunctionName => FunctionAddress => 0x77124f8d ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 20 FunctionName => FunctionAddress => 0x771251a6 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 19 FunctionName => FunctionAddress => 0x7712515a ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 23 FunctionName => FunctionAddress => 0x7712511b ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 24 FunctionName => FunctionAddress => 0x7712514a ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,871 | 588 | LdrGetProcedureAddress |
Ordinal => 9 FunctionName => FunctionAddress => 0x771248f0 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:09,911 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Favorites\Links\*.* |
SUCCESS | 0x0019eeb8 | |
| 18:34:09,911 | 588 | RegCreateKeyExW |
Handle => 0x00000214 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:09,911 | 588 | RegQueryValueExW |
Handle => 0x00000214 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:09,911 | 588 | RegCloseKey |
Handle => 0x00000214 |
SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | NtQueryDirectoryFile |
FileName => FileHandle => 0x00000208 FileInformation => h\x00\x00\x00\x00\x00\x00\x00`\xa3M\xbb\xd5I\xcd\x01\xd0\x95\x86\xc7\xe0\x91\xcf\x01`\xda\x99\xbf\xd5I\xcd\x01\xf0 \x11\xe3\xe0\x91\xcf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00.\x00\x00\x00\x00\x00\x00\x00\x88\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x96\xbf\xd5I\xcd\x01\x00\xcc\x96\xbf\xd5I\xcd\x01\x00\xcc\x96\xbf\xd5I\xcd\x01\x00\xcc\x96\xbf\xd5I\xcd\x01w\x00\x00\x00\x00\x00\x00\x00x\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00&\x00\x00\x00\x00\x00\x00\x00\x18\x00C\x00U\x00S\x00T\x00O\x00M\x00~\x001\x00.\x00U\x00R\x00L\x00C\x00u\x00s\x00t\x00o\x00m\x00i\x00z\x00e\x00 \x00L\x00i\x00n\x00k\x00s\x00.\x00u\x00r\x00l\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x000S\x98\xbf\xd5I\xcd\x01 |
SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegQueryValueExW | Handle => 0x00000214 DataLength => 4 ValueName => AllowFileCLSIDJunctions Type => 1299204 | FAILURE | 0x00000002 | |
| 18:34:09,921 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | NtQueryDirectoryFile | FileName => FileHandle => 0x00000208 FileInformation => | FAILURE | 2147483654 | |
| 18:34:09,921 | 588 | LdrGetProcedureAddress | Ordinal => 338 FunctionName => FunctionAddress => 0x773e16f8 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x00000208 Registry => 0x000000d0 SubKey => FileExts | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000208 SubKey => .url | FAILURE | 0x00000002 | 1 time |
| 18:34:09,921 | 588 | LdrGetProcedureAddress | Ordinal => 326 FunctionName => FunctionAddress => 0x773e0cc1 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x00000216 Registry => 0x80000000 SubKey => .url | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegQueryValueExW | Handle => 0x00000216 Data => I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00S\x00h\x00o\x00r\x00t\x00c\x00u\x00t\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x0000021a Registry => 0x80000000 SubKey => InternetShortcut | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000021a SubKey => CurVer | FAILURE | 0x00000002 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x0000021e Registry => 0x0000021a SubKey => | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegCloseKey | Handle => 0x0000021a | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegOpenKeyExW | Handle => 0x0000021a Registry => 0x0000021e SubKey => ShellEx\IconHandler | SUCCESS | 0x00000000 | |
| 18:34:09,921 | 588 | RegQueryValueExW | Handle => 0x0000021a DataLength => 78 ValueName => Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,931 | 588 | RegCloseKey | Handle => 0x0000021a | SUCCESS | 0x00000000 | |
| 18:34:09,931 | 588 | RegQueryValueExW | Handle => 0x0000021e DataLength => 0 ValueName => DocObject Type => 0 | FAILURE | 0x00000002 | |
| 18:34:09,931 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000000 SubKey => SystemFileAssociations\.url | FAILURE | 0x00000002 | |
| 18:34:09,931 | 588 | RegOpenKeyExW | Handle => 0x0000021a Registry => 0x80000000 SubKey => .url | SUCCESS | 0x00000000 | |
| 18:34:09,931 | 588 | RegQueryValueExW | Handle => 0x0000021a DataLength => 80 ValueName => PerceivedType Type => 1298704 | FAILURE | 0x00000002 | |
| 18:34:09,931 | 588 | RegCloseKey | Handle => 0x0000021a | SUCCESS | 0x00000000 | |
| 18:34:09,931 | 588 | RegQueryValueExW | Handle => 0x0000021e DataLength => 0 ValueName => BrowseInPlace Type => 0 | FAILURE | 0x00000002 | |
| 18:34:09,931 | 588 | RegOpenKeyExW | Handle => 0x0000021a Registry => 0x0000021e SubKey => Clsid | SUCCESS | 0x00000000 | |
| 18:34:09,931 | 588 | RegQueryValueExW | Handle => 0x0000021a Data => {\x00F\x00B\x00F\x002\x003\x00B\x004\x000\x00-\x00E\x003\x00F\x000\x00-\x001\x000\x001\x00B\x00-\x008\x004\x008\x008\x00-\x000\x000\x00A\x00A\x000\x000\x003\x00E\x005\x006\x00F\x008\x00}\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:09,931 | 588 | RegCloseKey | Handle => 0x0000021a | SUCCESS | 0x00000000 | |
| 18:34:09,931 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000000 SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\Implemented Categories\{00021490-0000-0000-C000-000000000046} | FAILURE | 0x00000002 | |
| 18:34:09,931 | 588 | RegQueryValueExW | Handle => 0x0000021e DataLength => 2 ValueName => IsShortcut Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021e DataLength => 0 ValueName => AlwaysShowExt Type => 0 | FAILURE | 0x00000002 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021e DataLength => 2 ValueName => NeverShowExt Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x00000216 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021e | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | FAILURE | 0x00000002 | |
| 18:34:09,941 | 588 | RegOpenKeyExW | Handle => 0x0000021c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c DataLength => 4 ValueName => NoStrCmpLogical Type => 1299552 | FAILURE | 0x00000002 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | LdrGetProcedureAddress | Ordinal => 11 FunctionName => FunctionAddress => 0x773e183f ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | LdrGetProcedureAddress | Ordinal => 385 FunctionName => FunctionAddress => 0x773e1092 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | LdrGetProcedureAddress | Ordinal => 329 FunctionName => FunctionAddress => 0x773e0db5 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCreateKeyExW | Handle => 0x0000021c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCreateKeyExW | Handle => 0x0000021c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCreateKeyExW | Handle => 0x0000021c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCreateKeyExW | Handle => 0x0000021c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCreateKeyExW | Handle => 0x0000021c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | LdrGetProcedureAddress | Ordinal => 386 FunctionName => FunctionAddress => 0x773e10c6 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCreateKeyExW | Handle => 0x0000021c Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCreateKeyExA | Handle => 0x0000021c Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | LdrGetProcedureAddress | Ordinal => 331 FunctionName => FunctionAddress => 0x773e1571 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | LdrGetProcedureAddress | Ordinal => 10 FunctionName => FunctionAddress => 0x773e10ea ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegSetValueExA | Handle => 0x0000021c Buffer => ValueName => Order Type => 3 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:09,941 | 588 | GetSystemMetrics | SystemMetricIndex => 57 | SUCCESS | 0x000000a0 | |
| 18:34:09,941 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | |
| 18:34:09,941 | 588 | RegOpenKeyExW | Handle => 0x0000021c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegQueryValueExW | Handle => 0x0000021c Data => L\x00i\x00n\x00k\x00s\x00\x00\x00 ValueName => LinksFolderName | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x0000021c FileHandle => 0x00000000 | SUCCESS | 0x00000000 | |
| 18:34:09,941 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013db64 SectionHandle => 0x0000021c ProcessHandle => 0xffffffff BaseAddress => 0x00d40000 | SUCCESS | 0x00000000 | |
| 18:34:09,952 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013db84 SectionHandle => 0x00000214 ProcessHandle => 0xffffffff BaseAddress => 0x00d40000 | SUCCESS | 0x00000000 | |
| 18:34:09,952 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013dbb8 SectionHandle => 0x0000021c ProcessHandle => 0xffffffff BaseAddress => 0x00d40000 | SUCCESS | 0x00000000 | |
| 18:34:09,962 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | |
| 18:34:09,962 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c9c0000 FileName => shell32.dll | SUCCESS | 0x00000000 | |
| 18:34:09,962 | 588 | RegOpenKeyExW | Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,962 | 588 | RegQueryValueExW | Handle => 0x00000214 DataLength => 520 ValueName => Type => 1299480 | FAILURE | 0x00000002 | |
| 18:34:09,962 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,962 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | 1 time |
| 18:34:09,962 | 588 | RegOpenKeyExW | Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | RegQueryValueExW | Handle => 0x00000214 DataLength => 520 ValueName => BackBitmapIE5 Type => 1301172 | FAILURE | 0x00000002 | |
| 18:34:09,972 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | RegOpenKeyExW | Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | RegQueryValueExW | Handle => 0x00000214 DataLength => 520 ValueName => BackBitmap Type => 1301172 | FAILURE | 0x00000002 | |
| 18:34:09,972 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | NtOpenKey | DesiredAccess => 1 KeyHandle => 0x00000214 ObjectAttributes => \Registry\MACHINE\System\CurrentControlSet\Control\Session Manager | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | NtQueryValueKey | KeyHandle => 0x00000214 ValueName => SafeProcessSearchMode | FAILURE | 3221225524 | |
| 18:34:09,972 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | |
| 18:34:09,972 | 588 | RegOpenKeyExW | Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | RegQueryValueExW | Handle => 0x00000214 Data => L\x00i\x00n\x00k\x00s\x00\x00\x00 ValueName => LinksFolderName | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,972 | 588 | LdrGetProcedureAddress | Ordinal => 4 FunctionName => FunctionAddress => 0x773e301e ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:34:09,982 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | 1 time |
| 18:34:09,982 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | |
| 18:34:09,982 | 588 | RegOpenKeyExW | Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar | SUCCESS | 0x00000000 | |
| 18:34:09,982 | 588 | RegQueryValueExW | Handle => 0x00000214 Data => L\x00i\x00n\x00k\x00s\x00\x00\x00 ValueName => LinksFolderName | SUCCESS | 0x00000000 | |
| 18:34:09,982 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,982 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | 2 times |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 8 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 7 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | 2 times |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 7 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 8 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 8 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 7 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | 2 times |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 7 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 8 | SUCCESS | 0x00000003 | |
| 18:34:09,992 | 588 | RegOpenKeyExA | Handle => 0x00000214 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | RegQueryValueExW | Handle => 0x00000214 DataLength => 520 ValueName => Enable Browser Extensions Type => 1301320 | FAILURE | 0x00000002 | |
| 18:34:09,992 | 588 | RegOpenKeyExA | Handle => 0x0000021c Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | RegQueryValueExW | Handle => 0x0000021c DataLength => 520 ValueName => Enable Browser Extensions Type => 1301320 | FAILURE | 0x00000002 | |
| 18:34:09,992 | 588 | RegCloseKey | Handle => 0x0000021c | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | GetSystemMetrics | SystemMetricIndex => 67 | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | RegOpenKeyExW | Handle => 0x00000214 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | RegEnumKeyExW | Index => 0 Handle => 0x00000214 Name => Class => | FAILURE | 0x00000103 | |
| 18:34:09,992 | 588 | RegCloseKey | Handle => 0x00000214 | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | LdrGetProcedureAddress | Ordinal => 147 FunctionName => FunctionAddress => 0x7e2abc12 ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:09,992 | 588 | LdrGetProcedureAddress | Ordinal => 210 FunctionName => FunctionAddress => 0x7e2c2ed9 ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:10,012 | 588 | LdrLoadDll | Flags => 1293500 BaseAddress => 0x7e1e0000 FileName => urlmon.dll | SUCCESS | 0x00000000 | |
| 18:34:10,012 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoInternetQueryInfo FunctionAddress => 0x7e1f5e1b ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:10,012 | 588 | LdrLoadDll | Flags => 1291352 BaseAddress => 0x771b0000 FileName => WININET.dll | SUCCESS | 0x00000000 | |
| 18:34:10,012 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetUrlCacheEntryInfoExA FunctionAddress => 0x771b6516 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:10,012 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | 1 time |
| 18:34:10,022 | 588 | RegOpenKeyExW | Handle => 0x00000220 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Connection Wizard | SUCCESS | 0x00000000 | |
| 18:34:10,022 | 588 | RegQueryValueExW | Handle => 0x00000220 Data => 1 ValueName => Completed | SUCCESS | 0x00000000 | |
| 18:34:10,022 | 588 | RegCloseKey | Handle => 0x00000220 | SUCCESS | 0x00000000 | |
| 18:34:10,022 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SoftwareUpdateMessageBox FunctionAddress => 0x7e2d47b6 ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:10,022 | 588 | LdrLoadDll | Flags => 1297520 BaseAddress => 0x7e1e0000 FileName => urlmon.dll | SUCCESS | 0x00000000 | |
| 18:34:10,022 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetSoftwareUpdateInfo FunctionAddress => 0x7e224682 ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:10,022 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Code Store Database\Distribution Units | FAILURE | 0x00000002 | |
| 18:34:10,022 | 588 | RegOpenKeyExW | Handle => 0x00000220 Registry => 0x80000002 SubKey => Software\Microsoft\Ole | SUCCESS | 0x00000000 | |
| 18:34:10,022 | 588 | RegQueryValueExW | Handle => 0x00000220 DataLength => 4 ValueName => MaximumAllowedAllocationSize Type => 1297288 | FAILURE | 0x00000002 | |
| 18:34:10,022 | 588 | RegCloseKey | Handle => 0x00000220 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x00000222 Registry => 0x80000000 SubKey => CLSID | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x00000222 SubKey => {89820200-ECBD-11CF-8B85-00AA005B4383} | FAILURE | 0x00000002 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x00000222 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x00000220 Registry => 0x80000002 SubKey => Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x00000220 Data => en\x00 ValueName => Locale | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x00000220 Data => 1 ValueName => IsInstalled | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x00000220 Data => 6,0,2900,5512\x00 ValueName => Version | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x00000220 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x00000220 Registry => 0x80000002 SubKey => Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x00000220 DataLength => 520 ValueName => Version available Type => 544 | FAILURE | 0x00000002 | |
| 18:34:10,032 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions | FAILURE | 0x00000002 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x00000228 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExW | Handle => 0x00000228 Data => 1 ValueName => NoUpdateCheck | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x00000228 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SetQueryNetSessionCount FunctionAddress => 0x7e2d4863 ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetSetOptionW FunctionAddress => 0x771bbc41 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022c DataLength => 20 ValueName => Check_Associations Type => 556 | FAILURE | 0x00000002 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022c | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => http | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => 2 ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => http | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => https | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => 2 ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => https | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => ftp | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => 2 ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => ftp | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => gopher | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => 2 ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => gopher | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => URL:Telnet Protocol\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => 2 ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet\DefaultIcon | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => %SystemRoot%\system32\url.dll,0\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet\shell\open\command | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => rundll32.exe url.dll,TelnetProtocolHandler %l\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => URL:RLogin Protocol\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => 2 ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin\DefaultIcon | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => %SystemRoot%\system32\url.dll,0\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin\shell\open\command | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => rundll32.exe url.dll,TelnetProtocolHandler %l\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => URL:TN3270 Protocol\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => 2 ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270 | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270\DefaultIcon | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => %SystemRoot%\system32\url.dll,0\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270\shell\open\command | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => rundll32.exe url.dll,TelnetProtocolHandler %l\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => URL:MailTo Protocol\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto\DefaultIcon | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => %ProgramFiles%\Outlook Express\msimn.exe,-2\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto\shell\open\command | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => "%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => news | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => URL:News Protocol\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => news | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => ValueName => EditFlags | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => news | SUCCESS | 0x00000000 | |
| 18:34:10,032 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => \x00 ValueName => URL Protocol | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => news\DefaultIcon | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => %ProgramFiles%\Outlook Express\msimn.exe,-3\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => news\shell\open\command | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => "%ProgramFiles%\Outlook Express\msimn.exe" /newsurl:"%1"\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey | Handle => 0x0000022e | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA | Handle => 0x0000022e Registry => 0x80000000 SubKey => .url | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA | Handle => 0x0000022e Data => InternetShortcut\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => Internet Shortcut\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => 2 ValueName => EditFlags |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => \x00 ValueName => IsShortcut |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => \x00 ValueName => NeverShowExt |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut\CLSID |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => {FBF23B40-E3F0-101B-8488-00AA003E56F8}\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => %SystemRoot%\system32\url.dll,0\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut\shellex\IconHandler |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => {FBF23B40-E3F0-101B-8488-00AA003E56F8}\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => InternetShortcut\shellex\PropertySheetHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8} |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => \x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8} |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => Internet Shortcut\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => shdocvw.dll\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => Apartment\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => \x00 ValueName => LoadWithoutCOM |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegQueryValueExA |
Handle => 0x0000022e Data => ChromeHTML\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:10,042 | 588 | LdrLoadDll |
Flags => 1300204 BaseAddress => 0x71800000 FileName => C:\WINDOWS\system32\shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:10,102 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => EnableThemeDialogTexture FunctionAddress => 0x5ad7b45b ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:10,102 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 11 times |
| 18:34:10,112 | 588 | RegOpenKeyExA |
Handle => 0x0000022c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:10,112 | 588 | RegQueryValueExW |
Handle => 0x0000022c DataLength => 520 ValueName => ShowedCheckBrowser Type => 1300444 |
FAILURE | 0x00000002 | |
| 18:34:10,112 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:10,112 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 520 ValueName => ShowedCheckBrowser Type => 1300444 |
FAILURE | 0x00000002 | |
| 18:34:10,112 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:10,112 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:10,132 | 588 | RegCreateKeyExA |
Handle => 0x0000022c Access => 3 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:10,132 | 588 | RegSetValueExW |
Handle => 0x0000022c Buffer => Y\x00e\x00s\x00\x00\x00 ValueName => ShowedCheckBrowser Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:10,132 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:10,132 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 5 times |
| 18:34:10,142 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => IsThemeBackgroundPartiallyTransparent FunctionAddress => 0x5ad8aef2 ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:10,152 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DrawThemeParentBackground FunctionAddress => 0x5ad8af7d ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:10,152 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DrawThemeBackground FunctionAddress => 0x5ad72bef ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:10,152 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetThemeBackgroundContentRect FunctionAddress => 0x5ad73e8a ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:10,152 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DrawThemeText FunctionAddress => 0x5ad72ff8 ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:10,152 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetThemePartSize FunctionAddress => 0x5ad741a9 ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:10,162 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:10,162 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:10,162 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:10,162 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:11,043 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 9 times |
| 18:34:12,055 | 588 | RegOpenKeyExA |
Handle => 0x0000022c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:12,055 | 588 | RegSetValueExW |
Handle => 0x0000022c Buffer => N\x00o\x00\x00\x00 ValueName => Check_Associations Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,055 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,065 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 3 times |
| 18:34:12,065 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => http |
SUCCESS | 0x00000000 | |
| 18:34:12,075 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => URL:HyperText Transfer Protocol\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,075 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,075 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => http |
SUCCESS | 0x00000000 | |
| 18:34:12,075 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => 2 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,075 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => http |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => http\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => %SystemRoot%\system32\url.dll,0\x00 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => https |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => URL:HyperText Transfer Protocol with Privacy\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => https |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => 2 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,085 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,095 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => https |
SUCCESS | 0x00000000 | |
| 18:34:12,095 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,095 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,095 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => https\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,095 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => %SystemRoot%\system32\url.dll,0\x00 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => ftp |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => URL:File Transfer Protocol\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => ftp |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => 2 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,115 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => ftp |
SUCCESS | 0x00000000 | |
| 18:34:12,125 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,125 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,125 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => ftp\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,125 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => %SystemRoot%\system32\url.dll,0\x00 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,125 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => gopher |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => URL:Gopher Protocol\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => gopher |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => 2 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => gopher |
SUCCESS | 0x00000000 | |
| 18:34:12,135 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => gopher\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => %SystemRoot%\system32\url.dll,0\x00 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 20 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 32 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => telnet\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 46 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 20 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 32 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => rlogin\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 46 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 20 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,145 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 32 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => tn3270\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 46 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 20 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => EditFlags Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 44 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => mailto\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 55 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => news |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 18 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => news |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => EditFlags Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => news |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 0 ValueName => URL Protocol Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => news\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 44 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegOpenKeyExA |
Handle => 0x0000022e Registry => 0x80000000 SubKey => news\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegQueryValueExA |
Handle => 0x0000022e DataLength => 57 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => .url |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => InternetShortcut\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => Internet Shortcut\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => 2 ValueName => EditFlags Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => \x00 ValueName => IsShortcut Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => NeverShowExt Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\CLSID |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => {FBF23B40-E3F0-101B-8488-00AA003E56F8}\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => %SystemRoot%\system32\url.dll,0\x00 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\shellex\IconHandler |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => {FBF23B40-E3F0-101B-8488-00AA003E56F8}\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\shellex\PropertySheetHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8} |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8} |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => Internet Shortcut\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,155 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => shdocvw.dll\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => Apartment\x00 ValueName => ThreadingModel Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => LoadWithoutCOM Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegQueryValueExA |
Handle => 0x00000230 Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => C:\Program Files\Internet Explorer\iexplore.exe,1\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegOpenKeyExA |
Handle => 0x0000022c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegQueryValueExA |
Handle => 0x0000022c Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => C:\Program Files\Internet Explorer\iexplore.exe,22\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => htmlfile\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => text/html\x00 ValueName => Content Type Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => .html |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => htmlfile\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,165 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => .html |
SUCCESS | 0x00000000 | |
| 18:34:12,175 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => text/html\x00 ValueName => Content Type Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,175 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,175 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,185 | 588 | RegQueryValueExA |
Handle => 0x00000230 Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,185 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,185 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,185 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,185 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => http\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,185 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" -nohome\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,185 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,185 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => http\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,195 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "%1",,-1,0,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,195 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,195 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => http\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,205 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => \x00 ValueName => NoActivateHandler Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,205 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,205 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => http\shell\open\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,205 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => http\shell\open\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => WWW_OpenURL\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegOpenKeyExA |
Handle => 0x0000022c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegQueryValueExA |
Handle => 0x0000022c Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,215 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,215 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => https\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,215 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" -nohome\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,225 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,225 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => https\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,225 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "%1",,-1,0,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,225 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,225 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => https\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,225 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => NoActivateHandler Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,225 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => https\shell\open\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => https\shell\open\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => WWW_OpenURL\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegQueryValueExA |
Handle => 0x00000230 Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,235 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,235 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,245 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => ftp\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,245 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" %1\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,245 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,245 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => ftp\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,245 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "%1",,-1,0,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,245 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,245 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => ftp\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => \x00 ValueName => NoActivateHandler Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => ftp\shell\open\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => ftp\shell\open\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => WWW_OpenURL\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => ftp\shell\open\ddeexec\ifExec |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => *\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegQueryValueExA |
Handle => 0x00000230 Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,255 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => gopher\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" -nohome\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => gopher\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "%1",,-1,0,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => gopher\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => \x00 ValueName => NoActivateHandler Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => gopher\shell\open\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => gopher\shell\open\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => WWW_OpenURL\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => opennew\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\open |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => Open in S&ame Window\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegOpenKeyExA |
Handle => 0x0000022c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegQueryValueExA |
Handle => 0x0000022c Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,255 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" -nohome\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,255 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "file://%1",,-1,,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => NoActivateHandler Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\open\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\open\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => WWW_OpenURL\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => opennew\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\opennew |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => &Open\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegQueryValueExA |
Handle => 0x00000230 Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,265 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\opennew\command |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" %1\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\opennew\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "%1",,-1,0,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\opennew\ddeexec\IfExec |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => *\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\opennew\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => NoActivateHandler Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\opennew\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => htmlfile\shell\opennew\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => WWW_OpenURLNewWindow\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\open |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => Open in S&ame Window\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegOpenKeyExA |
Handle => 0x0000022c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegQueryValueExA |
Handle => 0x0000022c Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,265 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" -nohome\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\open\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "file://%1",,-1,,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\open\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\open\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => WWW_OpenURL\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\opennew |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => &Open\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegQueryValueExA |
Handle => 0x00000230 Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,265 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,275 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\opennew\command |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" %1\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\opennew\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "file://%1",,-1,,,,,\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\opennew\ddeexec\IfExec |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => *\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\opennew\ddeexec |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => NoActivateHandler Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\opennew\ddeexec\Application |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => IExplore\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => mhtmlfile\shell\opennew\ddeexec\Topic |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => WWW_OpenURLNewWindow\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => CLSID\{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => The Internet\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => rundll32.exe shdocvw.dll,OpenURL %l\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\shell\open |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => {FBF23B40-E3F0-101B-8488-00AA003E56F8}\x00 ValueName => CLSID Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\shell\open |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => LegacyDisable Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\shellex\ContextMenuHandlers\{FBF23B40-E3F0-101B-8488-00AA003E56F8} |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => \x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\shellex\MayChangeDefaultMenu |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => \x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => InternetShortcut\shellex\PropertyHandler |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => {FBF23B40-E3F0-101B-8488-00AA003E56F8}\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegOpenKeyExA |
Handle => 0x0000022c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegQueryValueExA |
Handle => 0x0000022c Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,275 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x00000232 Access => 2 Registry => 0x80000000 Class => SubKey => Applications\iexplore.exe\shell\open\command |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x00000232 Buffer => "C:\Program Files\Internet Explorer\iexplore.exe" %1\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegOpenKeyExA |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegQueryValueExA |
Handle => 0x00000230 Data => C:\Program Files\Internet Explorer\iexplore.exe\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | FindFirstFileExW |
FileName => C:\Program Files |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,275 | 588 | FindFirstFileExW |
FileName => C:\Program Files\Internet Explorer |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,275 | 588 | RegCreateKeyExA |
Handle => 0x0000022e Access => 2 Registry => 0x80000000 Class => SubKey => CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegSetValueExA |
Handle => 0x0000022e Buffer => "C:\Program Files\Internet Explorer\iexplore.exe"\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x0000022c ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{1abcfc13-2340-11d2-b601-006097df5bd4}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | NtQueryValueKey |
Information => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00i\x00e\x00f\x00t\x00p\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x0000022c ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:12,275 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => msieftp.dll |
FAILURE | 3221225781 | |
| 18:34:12,285 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\system32\msieftp.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,285 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\SystemRoot\AppPatch\sysmain.sdb DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,285 | 588 | NtQueryInformationFile |
FileHandle => 0x00000230 FileInformation => \x00`\x12\x00\x00\x00\x00\x00VZ\x12\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:12,285 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x00000004 SectionHandle => 0x00000234 FileHandle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,285 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00000000 SectionHandle => 0x00000234 ProcessHandle => 0xffffffff BaseAddress => 0x01020000 |
SUCCESS | 0x00000000 | |
| 18:34:12,295 | 588 | NtQueryInformationFile |
FileHandle => 0x00000230 FileInformation => \x00`\x12\x00\x00\x00\x00\x00VZ\x12\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:12,295 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\SystemRoot\AppPatch\systest.sdb DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225524 | |
| 18:34:12,295 | 588 | NtOpenKey |
DesiredAccess => 257 KeyHandle => 0x00000000 ObjectAttributes => \Registry\Machine\System\WPA\TabletPC |
FAILURE | 3221225524 | |
| 18:34:12,295 | 588 | NtOpenKey |
DesiredAccess => 257 KeyHandle => 0x00000238 ObjectAttributes => \Registry\Machine\SYSTEM\WPA\MediaCenter |
SUCCESS | 0x00000000 | |
| 18:34:12,295 | 588 | NtQueryValueKey |
Information => 0 KeyHandle => 0x00000238 ValueName => Installed Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:12,295 | 588 | NtCreateFile |
ShareAccess => 0 FileName => C:\Device\NamedPipe\ShimViewer DesiredAccess => 0x00120116 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225524 | |
| 18:34:12,295 | 588 | NtOpenFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\ DesiredAccess => 0x00100001 FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:12,295 | 588 | NtQueryDirectoryFile |
FileName => msieftp.dll FileHandle => 0x00000238 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00\x00\xa0\xa1\x10'\x9e\xc8\x01\xd0\xbfXv\xe0\x91\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xc0\xa1FFoI\xcd\x01\x00\xcc\x03\x00\x00\x00\x00\x00\x00\xd0\x03\x00\x00\x00\x00\x00 \x00\x00\x00\x16\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00m\x00s\x00i\x00e\x00f\x00t\x00p\x00.\x00d\x00l\x00l\x00 |
SUCCESS | 0x00000000 | |
| 18:34:12,295 | 588 | FindFirstFileExW |
FileName => C:\WINDOWS |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,295 | 588 | FindFirstFileExW |
FileName => C:\WINDOWS\system32 |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,295 | 588 | FindFirstFileExW |
FileName => C:\WINDOWS\system32\msieftp.dll |
SUCCESS | 0x0019eeb8 | |
| 18:34:12,295 | 588 | NtOpenKey |
DesiredAccess => 2147483904 KeyHandle => 0x00000000 ObjectAttributes => \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
FAILURE | 3221225524 | |
| 18:34:12,295 | 588 | NtOpenKey |
DesiredAccess => 2147483904 KeyHandle => 0x00000000 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers |
FAILURE | 3221225524 | |
| 18:34:12,295 | 588 | NtOpenKey |
DesiredAccess => 2147483904 KeyHandle => 0x00000000 ObjectAttributes => \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\msieftp.dll |
FAILURE | 3221225524 | |
| 18:34:12,295 | 588 | NtQueryInformationFile |
FileHandle => 0x0000022c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\xf0\xf7,\xe7\xe4\x91\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xc0\xa1FFoI\xcd\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:12,295 | 588 | NtQueryInformationFile |
FileHandle => 0x0000022c FileInformation => \x00\xd0\x03\x00\x00\x00\x00\x00\x00\xcc\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegOpenKeyExW |
Handle => 0x0000022c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegQueryValueExW |
Handle => 0x0000022c Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegOpenKeyExW |
Handle => 0x0000022c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegQueryValueExW |
Handle => 0x0000022c Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegCloseKey |
Handle => 0x0000022c |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegOpenKeyExW |
Handle => 0x0000022e Registry => 0x000000e6 SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000022e SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:12,305 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,305 | 588 | RegOpenKeyExW |
Handle => 0x0000022e Registry => 0x00000232 SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000236 Registry => 0x0000022e SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegQueryValueExW |
Handle => 0x00000236 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000236 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000022e SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000022e SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000236 Registry => 0x0000022e SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegQueryValueExW |
Handle => 0x00000236 Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00i\x00e\x00f\x00t\x00p\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000236 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000022e SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000022e SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000022e SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000022e SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000236 Registry => 0x00000232 SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegQueryValueExW |
Handle => 0x00000236 DataLength => 100 ValueName => AppID Type => 1300984 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000236 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x0000022e |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegQueryValueExW |
Handle => 0x00000230 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegQueryValueExW |
Handle => 0x00000230 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x000000e6 SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x0000022e Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x0000022e SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000236 Registry => 0x00000232 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegQueryValueExW |
Handle => 0x00000236 DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegCloseKey |
Handle => 0x00000236 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:12,315 | 588 | RegOpenKeyExW |
Handle => 0x00000236 Registry => 0x00000232 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,315 | 588 | RegQueryValueExW |
Handle => 0x00000236 Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00i\x00e\x00f\x00t\x00p\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegCloseKey |
Handle => 0x00000236 |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000236 Registry => 0x0000022e SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegQueryValueExW |
Handle => 0x00000236 DataLength => 100 ValueName => AppID Type => 1300900 |
FAILURE | 0x00000002 | |
| 18:34:12,325 | 588 | RegCloseKey |
Handle => 0x00000236 |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x0000022e SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000236 Registry => 0x00000232 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegQueryValueExW |
Handle => 0x00000236 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegCloseKey |
Handle => 0x00000236 |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x80000000 SubKey => CLSID\{1ABCFC13-2340-11D2-B601-006097DF5BD4} |
SUCCESS | 0x00000000 | |
| 18:34:12,325 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:12,325 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:13,947 | 588 | LdrLoadDll |
Flags => 1297760 BaseAddress => 0x66400000 FileName => C:\WINDOWS\system32\msieftp.dll |
SUCCESS | 0x00000000 | |
| 18:34:13,947 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x66405634 ModuleHandle => 0x66400000 |
SUCCESS | 0x00000000 | |
| 18:34:13,947 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x664055a5 ModuleHandle => 0x66400000 |
SUCCESS | 0x00000000 | |
| 18:34:13,947 | 588 | LdrLoadDll |
Flags => 1298356 BaseAddress => 0x7e290000 FileName => shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:13,947 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetVersion FunctionAddress => 0x7e35ee32 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:13,947 | 588 | LdrLoadDll |
Flags => 1298500 BaseAddress => 0x66400000 FileName => msieftp.dll |
SUCCESS | 0x00000000 | |
| 18:34:13,947 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x80000000 SubKey => ftp |
SUCCESS | 0x00000000 | |
| 18:34:13,957 | 588 | RegQueryValueExW |
Handle => 0x00000232 Data => {\x006\x003\x00d\x00a\x006\x00e\x00c\x000\x00-\x002\x00e\x009\x008\x00-\x001\x001\x00c\x00f\x00-\x008\x00d\x008\x002\x00-\x004\x004\x004\x005\x005\x003\x005\x004\x000\x000\x000\x000\x00}\x00\x00\x00 ValueName => ShellFolder |
SUCCESS | 0x00000000 | |
| 18:34:13,957 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:13,957 | 588 | LdrGetDllHandle |
ModuleHandle => 0x66400000 FileName => MSIEFTP.DLL |
SUCCESS | 0x00000000 | |
| 18:34:13,957 | 588 | LdrLoadDll |
Flags => 1301812 BaseAddress => 0x75260000 FileName => ADVPACK.DLL |
SUCCESS | 0x00000000 | |
| 18:34:13,957 | 588 | LdrLoadDll |
Flags => 1301480 BaseAddress => 0x75260000 FileName => ADVPACK.DLL |
SUCCESS | 0x00000000 | |
| 18:34:13,977 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RegInstall FunctionAddress => 0x752649ce ModuleHandle => 0x75260000 |
SUCCESS | 0x00000000 | |
| 18:34:14,007 | 588 | DeleteFileA |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\TMP4352$.TMP |
FAILURE | 0x00000000 | |
| 18:34:14,007 | 588 | NtCreateFile |
ShareAccess => 0 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\TMP4352$.TMP DesiredAccess => 0x40110080 CreateDisposition => 2 FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,007 | 588 | NtCreateFile |
ShareAccess => 0 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp DesiredAccess => 0x80100080 CreateDisposition => 2 FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,007 | 588 | NtCreateFile |
ShareAccess => 0 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp DesiredAccess => 0x40100080 CreateDisposition => 5 FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,007 | 588 | NtWriteFile |
Buffer => ; Microsoft Internet Explorer FTP Folder
;
; Copyright 1995-99 Microsoft Corporation. All Rights Reserved.
;
[Version]
Signature="$CHICAGO$"
AdvancedINF=2.0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Warning: Because of the use of Backup FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtCreateFile |
ShareAccess => 7 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp DesiredAccess => 0xc0100000 CreateDisposition => 3 FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtQueryInformationFile |
FileHandle => 0x00000238 FileInformation => \x00 \x00\x00\x00\x00\x00\x00\x80\x18\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtReadFile |
Buffer => ; Microsoft Internet Explorer FTP Folder
;
; Copyright 1995-99 Microsoft Corporation. All Rights Reserved.
;
[Version]
Signature="$CHICAGO$"
AdvancedINF=2.0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Warning: Because of the use of Backup FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtWriteFile |
Buffer => _MOD_PATH="C:\WINDOWS\system32\msieftp.dll"
FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtSetInformationFile |
FileHandle => 0x00000238 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00102000 BaseAddress => 0x01020000 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtCreateFile |
ShareAccess => 7 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp DesiredAccess => 0xc0100000 CreateDisposition => 3 FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtQueryInformationFile |
FileHandle => 0x00000238 FileInformation => \x00 \x00\x00\x00\x00\x00\x00\xad\x18\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtReadFile |
Buffer => ; Microsoft Internet Explorer FTP Folder
;
; Copyright 1995-99 Microsoft Corporation. All Rights Reserved.
;
[Version]
Signature="$CHICAGO$"
AdvancedINF=2.0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Warning: Because of the use of Backup FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtWriteFile |
Buffer => _SYS_MOD_PATH="%SystemRoot%\system32\msieftp.dll"
FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtSetInformationFile |
FileHandle => 0x00000238 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00102000 BaseAddress => 0x01020000 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtCreateFile |
ShareAccess => 7 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp DesiredAccess => 0xc0100000 CreateDisposition => 3 FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtQueryInformationFile |
FileHandle => 0x00000238 FileInformation => \x00 \x00\x00\x00\x00\x00\x00\xe0\x18\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtReadFile |
Buffer => ; Microsoft Internet Explorer FTP Folder
;
; Copyright 1995-99 Microsoft Corporation. All Rights Reserved.
;
[Version]
Signature="$CHICAGO$"
AdvancedINF=2.0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Warning: Because of the use of Backup FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,017 | 588 | NtWriteFile |
Buffer => THISDLL="C:\WINDOWS\system32\msieftp.dll"
FileHandle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,027 | 588 | NtSetInformationFile |
FileHandle => 0x00000238 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:14,027 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00102000 BaseAddress => 0x01020000 |
SUCCESS | 0x00000000 | |
| 18:34:14,027 | 588 | LdrLoadDll |
Flags => 1299972 BaseAddress => 0x77920000 FileName => C:\WINDOWS\system32\SETUPAPI.DLL |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupGetStringFieldA FunctionAddress => 0x7792a940 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupDefaultQueueCallbackA FunctionAddress => 0x77970c11 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupInstallFromInfSectionA FunctionAddress => 0x7797fa19 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupOpenInfFileA FunctionAddress => 0x779306b6 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupOpenAppendInfFileA FunctionAddress => 0x77987245 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupCloseInfFile FunctionAddress => 0x77986ce9 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupInitDefaultQueueCallbackEx FunctionAddress => 0x77970ad4 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupTermDefaultQueueCallback FunctionAddress => 0x77970b98 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupSetDirectoryIdA FunctionAddress => 0x77979287 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupGetLineTextA FunctionAddress => 0x77987af1 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupGetLineByIndexA FunctionAddress => 0x7798001b ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupFindFirstLineA FunctionAddress => 0x7792a7b8 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupFindNextLine FunctionAddress => 0x7797ff9d ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupOpenFileQueue FunctionAddress => 0x77968335 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupCloseFileQueue FunctionAddress => 0x77968461 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupQueueCopyA FunctionAddress => 0x7796b203 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupCommitFileQueueA FunctionAddress => 0x7796fc29 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp |
SUCCESS | 0x0019eeb8 | |
| 18:34:14,037 | 588 | LdrLoadDll |
Flags => 1297892 BaseAddress => 0x75150000 FileName => Cabinet.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | LdrGetProcedureAddress |
Ordinal => 20 FunctionName => FunctionAddress => 0x751512d6 ModuleHandle => 0x75150000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.PNF DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225524 | |
| 18:34:14,037 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | NtQueryInformationFile |
FileHandle => 0x00000230 FileInformation => \x00 \x00\x00\x00\x00\x00\x00\x0b\x19\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000238 FileHandle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013cefc SectionHandle => 0x00000238 ProcessHandle => 0xffffffff BaseAddress => 0x00f70000 |
SUCCESS | 0x00000000 | |
| 18:34:14,037 | 588 | NtCreateMutant |
Handle => 0x00000238 InitialOwner => 0 MutexName => |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrLoadDll |
Flags => 1297184 BaseAddress => 0x77920000 FileName => C:\WINDOWS\system32\SETUPAPI.DLL |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupGetStringFieldA FunctionAddress => 0x7792a940 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupDefaultQueueCallbackA FunctionAddress => 0x77970c11 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupInstallFromInfSectionA FunctionAddress => 0x7797fa19 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupOpenInfFileA FunctionAddress => 0x779306b6 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupOpenAppendInfFileA FunctionAddress => 0x77987245 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupCloseInfFile FunctionAddress => 0x77986ce9 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupInitDefaultQueueCallbackEx FunctionAddress => 0x77970ad4 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupTermDefaultQueueCallback FunctionAddress => 0x77970b98 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupSetDirectoryIdA FunctionAddress => 0x77979287 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupGetLineTextA FunctionAddress => 0x77987af1 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupGetLineByIndexA FunctionAddress => 0x7798001b ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupFindFirstLineA FunctionAddress => 0x7792a7b8 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupFindNextLine FunctionAddress => 0x7797ff9d ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupOpenFileQueue FunctionAddress => 0x77968335 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupCloseFileQueue FunctionAddress => 0x77968461 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupQueueCopyA FunctionAddress => 0x7796b203 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetupCommitFileQueueA FunctionAddress => 0x7796fc29 ModuleHandle => 0x77920000 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | FindFirstFileExW |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp |
SUCCESS | 0x0019eeb8 | |
| 18:34:14,047 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.PNF DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000000 |
FAILURE | 3221225524 | |
| 18:34:14,047 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000023c |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | NtQueryInformationFile |
FileHandle => 0x0000023c FileInformation => \x00 \x00\x00\x00\x00\x00\x00\x0b\x19\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000240 FileHandle => 0x0000023c |
SUCCESS | 0x00000000 | |
| 18:34:14,047 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013c418 SectionHandle => 0x00000240 ProcessHandle => 0xffffffff BaseAddress => 0x00f70000 |
SUCCESS | 0x00000000 | |
| 18:34:14,057 | 588 | NtCreateMutant | Handle => 0x00000240 InitialOwner => 0 MutexName => | SUCCESS | 0x00000000 | |
| 18:34:14,057 | 588 | RegOpenKeyExA | Handle => 0x00000244 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager | SUCCESS | 0x00000000 | |
| 18:34:14,057 | 588 | RegQueryValueExA | Handle => 0x00000244 DataLength => 0 ValueName => PendingFileRenameOperations Type => 580 | FAILURE | 0x00000002 | |
| 18:34:14,057 | 588 | RegCloseKey | Handle => 0x00000244 | SUCCESS | 0x00000000 | |
| 18:34:14,057 | 588 | NtCreateMutant | Handle => 0x0000024c InitialOwner => 0 MutexName => | SUCCESS | 0x00000000 | |
| 18:34:14,057 | 588 | NtCreateMutant | Handle => 0x00000254 InitialOwner => 0 MutexName => | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegOpenKeyExW | Handle => 0x00000258 Registry => 0x80000002 SubKey => Software\Microsoft\Driver Signing | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegQueryValueExW | Handle => 0x00000258 Data => ValueName => Policy | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegCloseKey | Handle => 0x00000258 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegOpenKeyExW | Handle => 0x00000258 Registry => 0x80000002 SubKey => Software\Microsoft\Non-Driver Signing | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegQueryValueExW | Handle => 0x00000258 Data => ValueName => Policy | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegCloseKey | Handle => 0x00000258 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000258 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x00000258 SubKey => SOFTWARE\Microsoft\Cryptography\Providers\Type 001 | FAILURE | 0x00000002 | |
| 18:34:14,107 | 588 | RegOpenKeyExA | Handle => 0x00000258 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider Types\Type 001 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegQueryValueExA | Handle => 0x00000258 DataLength => 40 ValueName => Name Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegQueryValueExA | Handle => 0x00000258 Data => Microsoft Strong Cryptographic Provider\x00 ValueName => Name | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegCloseKey | Handle => 0x00000258 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegOpenKeyExA | Handle => 0x00000258 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Cryptography\Defaults\Provider\Microsoft Strong Cryptographic Provider | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegQueryValueExA | Handle => 0x00000258 Data => 1 ValueName => Type | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegQueryValueExA | Handle => 0x00000258 DataLength => 11 ValueName => Image Path Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | RegQueryValueExA | Handle => 0x00000258 Data => rsaenh.dll\x00 ValueName => Image Path | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => rsaenh.dll | FAILURE | 3221225781 | 1 time |
| 18:34:14,107 | 588 | NtCreateFile | ShareAccess => 1 FileName => C:\WINDOWS\system32\rsaenh.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | NtQueryInformationFile | FileHandle => 0x0000025c FileInformation => \x000\x03\x00\x00\x00\x00\x00\x00.\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000260 FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,107 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013c54c SectionHandle => 0x00000260 ProcessHandle => 0xffffffff BaseAddress => 0x00f70000 | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtCreateFile | ShareAccess => 1 FileName => C:\WINDOWS\system32\rsaenh.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000260 FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013c5b0 SectionHandle => 0x00000260 ProcessHandle => 0xffffffff BaseAddress => 0x00f70000 | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtQueryInformationFile | FileHandle => 0x0000025c FileInformation => P\x01\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtSetInformationFile | FileHandle => 0x0000025c FileInformation => | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile | Buffer => (binary file contents omitted) FileHandle => 0x0000025c | SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile |
Buffer => \x00+\xc1\x83\xd2\x00\x89D\xaf\x0c\x8b\xca\x83\xc5\x04u\x96]\x8b\xc1_^[]\xc2\x10\x00\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xecSVW\x8bu\x0c\x8b}\x08\x8bM\x103\xdb\x8b\x06\x83\xc6\x04\xf7\xe0\x03\xd8\x8b\x07\x83\xd2\x00\x03\xc3\x8b_\x04\x83\xd2\x00\x89\x07\x03\xd3\xbb\x00\x00\x00\x00\x89W\x04\x83\xd3\x00\x83\xc7\x08Iu\xd5_^[]\xc2\x0c\x00\xcc\xcc\xcc\xcc\xccj\x08hx`\x00h\xe8\x9e1\xff\xff\x83e\xfc\x00\xffu\x08\xff\x15\xb4\x11\x00h\x83M\xfc\xff3\xc0\xeb\x1e\x8bE\xec\x8b\x00\x8b\x003\xc9=\x17\x00\x00\xc0\x0f\x94\xc1\x8b\xc1\xc3\x8be\xe8\x83M\xfc\xffj\x08X\xe8\xa11\xff\xff\xc2\x04\x00\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xec]\xff%\xb8\x11\x00h\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xec\x83\xec@VWj\x0eY3\xc0\x8d}\xc0\xf3\xab\x8dE\xfcPj\x013\xf6!u\xfc!u\xf8j\x08\xff\x15\x08\x11\x00hP\xff\x15 FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile |
Buffer => \xff\xff\xff\xd6\x85\xc0t%\x8d\x85\xe4\xfb\xff\xffPSSSSSSSj\x123\xf6FV\x8d\x85\xf4\xfb\xff\xffP\xff\x15D\x10\x00h\x85\xc0u
\xff\x15\xc8\x11\x00h\x8b\xf8\xeb\x1c\x8b\x85\xdc\xfb\xff\xff\xff0\xff\xb5\xe4\xfb\xff\xff\xff\x15P\x10\x00h\x85\xc0t\x02\x8973\xff9\x9d\xe0\xfb\xff\xfft\x0b\xff\xb5\xe0\xfb\xff\xff\xe8I\xf1\xff\xff9\x9d\xe4\xfb\xff\xfft\x0c\xff\xb5\xe4\xfb\xff\xff\xff\x15$\x10\x00h9\x9d\xe8\xfb\xff\xff\x8b5\x04\x11\x00ht\x08\xff\xb5\xe8\xfb\xff\xff\xff\xd69\x9d\xf0\xfb\xff\xfft\x08\xff\xb5\xf0\xfb\xff\xff\xff\xd6\x8bM\xfc\x8b\xc7_^[\xe8\xb8\x1e\xff\xff\xc9\xc2\x04\x00\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xec\x81\xec \x04\x00\x00\xa1\x84\x18\x03hS\x89E\xfcV3\xdb\x8d\x85\xfc\xfb\xff\xffW\x8b}\x08\x89\x85\xe0\xfb\xff\xff\x8d\x85\xf0\xfb\xff\xffPj\x08\x89\x9d\xf0\xfb\xff\xff\xc7\x85\xec\xfb\xff\xff\x00\x04\x00\x00\x89\x9d\xe4\xfb\xff\xff\x89\x9d\xe8\xfb FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,117 | 588 | NtReadFile |
Buffer => \x00\x00\x8d\x85T\xff\xff\xffP\xe9Q\xff\xff\xff\x89\x8dP\xff\xff\xff\xe9\x82\x02\x00\x00W\xff\xb5H\xff\xff\xff\xff\x15,\x11\x00h\x83\xf8\xff\x0f\x84\xfb\xfe\xff\xff\x83\xf8\x1c\x0f\x82c\x02\x00\x00WWWj\x02W\xff\xb5H\xff\xff\xff\xff\x15<\x11\x00h;\xc7\x89\x85<\xff\xff\xff\x0f\x84\xd2\xfe\xff\xffWWWj\x04P\xff\x158\x11\x00h;\xc7\x89\x85L\xff\xff\xff\x0f\x84\xb8\xfe\xff\xff\x8b\x00\x83\xf8\x02\x89\x03\x0f\x85\x1c\x02\x00\x00\x83{ \x00\x8b\x85L\xff\xff\xff\x8dS\x04j\x07\x8dp\x04Y\x8b\xfa\xf3\xa5t\x14\x83:\x00t\x0f\xc7\x85P\xff\xff\xff"\x00 \x80\xe9\xef\x01\x00\x00\x8bH \x8b@$\xffs\x08\x89\x8d4\xff\xff\xff\x89\x858\xff\xff\xff\xe8\xa6\xe0\xff\xff\x85\xc0\x89C@\x0f\x84q\x01\x00\x00\x8bK\x08\x8b\xb5L\xff\xff\xff\x8b\xf8\x8b\xc1\xc1\xe9\x02\x83\xc6(\xf3\xa5\x8b\xc8\x83\xe1\x03\xf3\xa4\x8bs\x08\xffs\x1c\x83\xc6(\x89\xb5P\xff\xff\xff\xe8k\xe0\xff FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \x83\xf8\x05\x0f\x85h\x01\x00\x00C\xeb\xc3\xff\xb5\xa8\xfd\xff\xff\xff\x15\xc0\x11\x00h\x83\x8d\xa8\xfd\xff\xff\xff\x83\xa6\x04\x01\x00\x00\x00\x89\x9e\x08\x01\x00\x00i\xdb\x05\x01\x00\x00S\xc7\x86\x00\x01\x00\x00\x05\x01\x00\x00\xe8*\xd1\xff\xff\x85\xc0\x89\x86\x0c\x01\x00\x00u\x08j\x08[\xe9\x1f\x01\x00\x003\xc0PP\xb9\x94\x00\x00\x00\x8d\xbd\xac\xfd\xff\xffP\xf3\xab\x8d\x8d\xac\xfd\xff\xffQP\xff\xb5\x98\xfd\xff\xff\xff\x15$\x11\x00h\x83\xf8\xff\x89\x85\xa8\xfd\xff\xff\x0f\x84\x00\xff\xff\xff\x8b\x1dD\x11\x00h\x8d\x8d\xac\xfd\xff\xffQP\xff\xd3\x85\xc0t"3\xc0\xb9\x94\x00\x00\x00\x8d\xbd\xac\xfd\xff\xff\xf3\xab\x8d\x85\xac\xfd\xff\xffP\xff\xb5\xa8\xfd\xff\xff\xff\xd3\x85\xc0u\x0e\xff\x15\xc8\x11\x00h\x83\xf8\x12\xe9\xc5\xfe\xff\xff\x83\xa5\x9c\xfd\xff\xff\x00\x83\xbe\x08\x01\x00\x00\x00\x8b\xbe\x0c\x01\x00\x00\x0f\x86\x86\x00\x00\x00\x8d\x85\xa0\xfd\xff\xffPW\xff\xb5\xa4\xfd\xff\xff\x8d\x85\xd8\xfd\xff\xffPj\x01\xc7\x85 FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => W\xe8\x13\xfc\xff\xff\x85\xc0u:\x8dE\xfcP\x8dE\xf8PVh\xe4\x1a\x03hha\x1d\x00\x00W\xe8\xf6\xfb\xff\xff\x85\xc0u\x1d\x8dE\xfcP\x8dE\xf8PVh\x04\x1b\x03hhb\x1d\x00\x00W\xe8\xd9\xfb\xff\xff\x85\xc0t*\x8b\xf0\xa1\xa8\x1a\x03h\x85\xc0t
P\xe8Z\xc1\xff\xff\x83%\xa8\x1a\x03h\x00\x85\xfft\x07W\xff\x15\xa4\x11\x00h\x8b\xc6\xe9\x92\x00\x00\x00\xa1\xa8\x1a\x03h\x01\x05\xbc\x1a\x03h\x01\x05\xc0\x1a\x03h\x01\x05\xc4\x1a\x03h\x01\x05\xb0\x1a\x03h\x01\x05\xb4\x1a\x03h\x01\x05\xb8\x1a\x03h\x01\x05\xd4\x1a\x03h\x01\x05\xd8\x1a\x03h\x01\x05\xc8\x1a\x03h\x01\x05\xcc\x1a\x03h\x01\x05\xd0\x1a\x03h\x01\x05\xe0\x1a\x03h\x01\x05\xf4\x1a\x03h\x01\x05\xfc\x1a\x03h\x01\x05\xf8\x1a\x03h\x01\x05\x00\x1b\x03h\x01\x05\xdc\x1a\x03h\x01\x05\xf0\x1a\x03h\x01\x05\xec\x1a\x03h\x01\x05\xe8\x1a\x03h\x01\x05\xe4\x1a\x03h\x01\x05\x04\x1b\x03hW\xff\x15\xa4\x11\x00h3\xc0 FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \x11\x00h3\xff\xe9\x88\x00\x00\x003\xc0\x8dM\xfc@QPS\x89E\xf4\xff\xd6P\xff\xd7\x85\xc0t]3\xc0\x8d}\xd8\xab\xab\xab\xab3\xc0\x8d}\xc8\xab\xab\xab\xab\x8dE\xe8Ph c\x00hj\x00\xff\x15p\x10\x00h\x85\xc0t6\x8bE\xe8\x89E\xdc\x8bE\xec\x89E\xe0\x8dE\xf0P\x8dE\xc8Pj\x10\x8dE\xd8Pj\x00\xffu\xfc\xc7E\xd8\x01\x00\x00\x00\xc7E\xe4\x02\x00\x00\x00\xff\x15\x80\x10\x00h\x89E\xf83\xff\xffu\x1c\xffu\x18\xffu\x14\xffu\x10\xffu\x0c\xe8\xc3\xe6\xff\xff9}\x08\x8b\xf0t\x179}\xf8t\x12WWj\x10\x8dE\xc8PW\xffu\xfc\xff\x15\x80\x10\x00h9}\xfct \xffu\xfc\xff\x15\x04\x11\x00h9}\xf4t\x06\xff\x15X\x10\x00h_\x8b\xc6^[\xc9\xc2\x18\x00\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xecQV\x8b5\x08\x1b\x03hWV\x89u\xfc\xe8\x88\xaf\xff\xff\x8b\xf8\x85\xff\x0f\x85\x02\x01\x00\x009F \x0f\x84\xf1\x00\x00 FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \xc0\x0f\x84\xd2\xfc\xff\xff3\xf6F\x83}\xb4\x00\x0f\x85\xfd\x01\x00\x00\x8bM\xb0\x8dA\x019E\xd4\x0f\x84\xee\x01\x00\x009M\xd4\xffu\x10\x0f\x85\xd8\x01\x00\x00\x8dE\xb8P\xffu\xe4\xffu\x0c\xffu\x08\xe8]-\x00\x00\x8b\xf0\x85\xf6\x0f\x84\xe3\x01\x00\x00\x83}\xb8\x01uj\xffu\x10\x8dE\xbcP\x8bE\xcc\xff0\xffu\x0c\xffu\x08\xffu\xc8\xffs \xe8\x07\xf9\xff\xff\x8b\xf0\x85\xf6\x0f\x84\xb6\x01\x00\x00\x83}\xbc\x00u=\xffu\x10\xffu\x0c\xffwT\xffu\x08\xe8G+\x00\x00\x85\xc0\x0f\x84B\xfc\xff\xff\xffu\x10\x8dE\xacPj\x01j\x08\xffwT\xffu\x0c\xffu\x08\xe8&7\x00\x00\x85\xc0\x0f\x84!\xfc\xff\xff3\xf6F\x83}\xac\x00\x0f\x84\xe8\xfe\xff\xff\xffE\xfc\x83E\xd0\x04\x83E\xdc\x08\x83E\xcc\x04\x83}\xfc\x01\x0f\x86\x18\xfc\xff\xff\x83e\xfc\x00\x8dG<\x89E\x08\x8dC0\x89E\xcc\x8dC8\x89E\xd0\xffu\x10\x8bE\x08\xffu\xd0j\x01\xff FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \xd0\x8b\xd9\x83\xe0\x1f\xc1\xea\x05\xc1\xee\x05;\xc3\x89]\xfcr\x1b\x8dK\x01;\xf9\x89M\x18w\x03\x89}\x18\x8b\xc8\x8bE\x08\x8b\x14\x90+\xcb\xd3\xea\xeb\x19\x8dH\x01;\xf9\x89M\x18w\x03\x89}\x18\x8b\xcb+\xc8\x8bE\x08\x8b\x14\x90\xd3\xe2j Y+M\x18\x83\xc8\xff\xd3\xe0j\x1fY+M\xfc\xd3\xe8\x8bM\x10\x8d\x0c\xb1\x8b\xf0\xf7\xd6#1#\xc2\x0b\xf0+}\x18\x891\x0f\x85w\xff\xff\xff^[3\xc0@_\xc9\xc2\x18\x00\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xecVW\xffu\x0c\x8b}\x08W\xe8\xbe\xfd\xff\xff\x8b\xf0\x85\xf6t\x0f\xfft\xb7\xfc\xe8Z\xfe\xff\xffN\xc1\xe6\x05\x03\xc6_^]\xc2\x0c\x00\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xecV3\xc93\xf69M\x0ct\x0e\x8bE\x089\x0c\xb0u\x18F;u\x0cu\xf5\xffu\x10Qj\x11\xe8\\xb7\xfe\xff3\xc0^]\xc2\x0c\x00\xff4\xb0\xe8M\xfe\xff\xff\xc1\xe6\x05\x03\xc6\xeb\xec\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xecQ FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \xfc\x839\x00u\x08N\x83\xe9\x04\x85\xf6u\xf3\x8dD\x18\xfc\x838\x00u\x08J\x83\xe8\x04\x85\xd2u\xf3\xffu0\x8b]\xe4\x8dE\x80P\xffu,\x89u\xe8\x8bu\xe0SV\x8dE\x90P\x89U\xec\xe8\x89'\x00\x00\x85\xc0\x0f\x84 \x01\x00\x00\x8bM\x803\xffG\x85\xc9u 9M\x84\x0f\x84\x00\xfc\xff\xff\x8bE,;E\x14\x0f\x83\xf1\x00\x00\x00\x89\x0c\x86\x8bE,\x8bM\x84\x89\x0c\x83\xe94\xfe\xff\xff\x8b}\xf4\x8bU\xb4\xc1\xe7\x02\xc1\xe2\x02\x8bD\x15\xe8\x8bL\x15\xe0\x8dt=\xe8\x8b\x1e+\xd8\x89E\xfc\x8bE,C\x89M\xb4\xe8\xcb\xf6\xff\xff\xffu0\x89E\xf8\xffu\xd4\x8bD=\xd8\xffu\xd0j\x00\xffu\xfc\xfft\x15\xd8\xff6P\xe8\xa1\x11\x00\x00\x85\xc0\x0f\x84\x85\x00\x00\x00\x8bM\xd0\x8b\xc3\xe8\x98\xf6\xff\xff\x8bM\xd4\x8b\xd8\x8bE\xfc\xe8\x8b\xf6\xff\xff\x89\x06\xc1\xe0\x02P\xffu\xd4\xfft=\xd8\xe8\xe1<\x00\x00\x83\xc4\x0c\xffu0\xffu\xd4\xffu FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \x01\x00\x00\x8dt\x9e\xfc\x8b\x06;\xc1\x89u\xe8\x0f\x84\xff\x00\x00\x00P\x89M\xfc\x89M\xec\xe8\xe0\xde\xff\xff\x8b>j Y+\xc8\x83\xfb\x02\x89M\xf8r \x8bE\x08\x8bt\x98\xf8\xeb\x023\xf6\x83\xfb\x03r \x8bE\x08\x8bT\x98\xf4\xeb\x023\xd2j\x1f[\xffu\x14+\xd9\x83e\xf4\x00\x8b\xc6\xd1\xe8\x8b\xcb\xd3\xe8\x8bM\xf8\xd3\xe7\xd1\xea\x8b\xcb\xd3\xea\x8bM\xf8\xd3\xe6\x0b\xc7\x8d}\xecW\x0b\xd6\x8b\xf2\x83\xcb\xff\x8d}\xfcW\x8b\xd3P+\xd0\x8b\xcb+\xceRQ\xe8\xa8\xfe\xff\xff\x85\xc0t9\x8bE\xfc\xf7\xe6;U\xec\xc7E\xf4\x01\x00\x00\x00\x89E\xe0v\x03\xffM\xfc\x8bM\xf8\x8bE\xe8\x8b}\x0c\x8b\xf3\xd3\xee+0O;u\xfcsD\x85\xffv\x0f\x8bE\x08\x8bD\xb8\xfc\xeb\x08\x83e\xf4\x00\xebW3\xc0\x8bU\x08\x83e\xe4\x00\x8b\xcb+\xc8\x8bE\xfc\xf7$\xba;\xd6w\x17r\x04;\xc1w\x11+\xc8\x1b\xf2\x89u\xe4\x8b\xf1u \x85\xffu\xbb\xeb\x03 FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \xfb\xcb\x0f\xd4\xc1\x0f\x7f\xc1\x0f\x7f\xd3\x0f\xdb\xcb\x0f\x7f \x83\xc1\x10O\x0fs\xd0 \x0f\x7f\xc1u\xd19S\x0c\x0f\xef\xc0\x0f\x7f\xc3\x0f\xfb\xd9\x0f\x7f\xd9\x0f\xdf\xcat.\x8bK\x08+\xf1\x0fo\x14\x0e\x0f\xd4\xc2\x0fo\x11\x0f\x7f\xcb\x0f\xdb\xd3\x0f\xd4\xc2\x0f\x7f\xc2\x0f~\xd7\x89<\x90B\x83\xc1\x10;S\x0c\x0fs\xd0 u\xd7\x0fw3\xc0_@^\x8b\xe5]\x8b\xe3[\xc2\x0c\x00\xcc\xcc\xcc\xcc\xcc\x8b\xffS\x8b\xdcQQ\x83\xe4\xf0\x83\xc4\x04U\x8bk\x04\x89l$\x04\x8b\xec\x83\xec8\x8bC\x10\x8bK\x18\x83e\xec\x00\x83M\xe8\xff\x83e\xe4\x00\x83M\xe0\xfff\x0foU\xe0\x89E\xd0\x8bC\x14V\x8b0W\x8bx \x8b@\x1c\x89E\xdc\x8bC\x08\x8b\x10\x0f\xafU\xdc\x83\xc1\x0f\x8b\xc6\x83\xe1\xf0\xc1\xe0\x04\x03\xc1\x85\xf6\x89U\xc8\x89E\xd4tY\x8bS\x08+\xd7\x89E\xf8)M\xf8f\x0f\xef\xc0\x89M\xd8\x89}\xfc\x89U\xcc\x89u\xf4\xeb\x03\x8bU\xcc\x8b}\xfc FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \xff\x85\xf6t\x08\x8b\xc8\x8b\xc2\x8b\xd1\x8b\xce\x83e\x14\x00\x85\xd2_u\x0f\x8bU\x18\x8bu\xfc\x89\x02\x89J\x04\xebh\xd1\xea\x8b\xda\xf7\xd3\xf6\xc3\x01u\xf5\xeb1;\xc2\x1b\xf6\xf7\xde+\xce+\xc2\xeb
\x8b\xf1\xc1\xe6\x1e\xc1\xe8\x02\x0b\xc6\xc1\xe9\x02\xa8\x03t\xef\x8b\xd8\xf7\xd3\xf6\xc3\x01t\x0b\x8b\xf1\xc1\xe6\x1f\xd1\xe8\x0b\xc6\xd1\xe9\x85\xc9u\xcb\xffu\x1c\x8dM\x14QRP\xe8
\xfe\xff\xff3\xf6\x85\xc0t\x12\x8bE\x14\x83e\x14\x00\x8bM\x18F3\xd2\x89\x01\x89Q\x04\x8b\xc6^[\xc9\xc2\x18\x00\xcc\xcc\xcc\xcc\xcc\x8b\xffU\x8b\xec\x83\xec\x10SVW\xffu\x1c\xffu\x10\xffu\x0c\xe8\xd3\xbf\xff\xff\x8bu\x18\x8b\x1e\xffu\x1c\x8bN\x08\x89E\xf8\x8b\xc3\xc1\xe0\x02j\x00\x03\xc8Q\x89E\xf0\xe8 \xc6\xff\xff\x8b\xf8\x85\xff\x89}\xfcu\x073\xdb\xe9\xbc\x01\x00\x00\x83}\xf8\x00\xffu\x1c\xff6u\x1d\xffv \x8bF,\xffu\x14PP\xe8\xf8\xb3\xff\xff\x8b\xd8\xf7\xdb FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => Data\x002\x00\x00CryptUnprotectData\x00d\x00\x00SHGetFolderPathW\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\xe0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\xe0\x02\x00\xe0\x11\x00\x00\x10\xdf\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00N\xe3\x02\x00\xd4\x10\x00\x00<\xde\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00j\xe4\x02\x00\x00\x10\x00\x00T\xe0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\xe7\x02\x00\x18\x12\x00\x00\x0c\xe0\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00D\xe7\x02\x00\xd0\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\xea\x02\x00\x00\xea\x02\x00\xe0\xe9\x02\x00\xc2\xe9\x02\x00\xa6\xe9\x02\x00\x8a\xe9\x02\x00 FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00FL\x01h\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\xdd\xa2,y\xe8!\x05\xd4\x13\x00h\xc0\x13\x00h\xbc\x13\x00h\xa8\x13\x00h\x94\x13\x00h\xbc\x13\x00h\x80\x13\x00hl\x13\x00h\xbc\x13\x00hX\x13\x00hH\x13\x00h FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => m (SHA-1)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x80\x00\x00\x80\x00\x00\x00\x80\x00\x00\x00\x80\x00\x00\x00 \x00\x00\x00\x04\x00\x00\x00MD2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00Message Digest 2 (MD2)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x80\x00\x00\x80\x00\x00\x00\x80\x00\x00\x00\x80\x00\x00\x00 \x00\x00\x00\x04\x00\x00\x00MD4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00Message Digest 4 (MD4)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x80\x00\x00\x80\x00\x00\x00\x80\x00\x00\x00\x80\x00\x00\x00 \x00\x00\x00\x04\x00\x00\x00MD5\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00Message Dige FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00RSA Data Security's RC4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01f\x00\x008\x00\x00\x008\x00\x00\x008\x00\x00\x00\x0f\x00\x00\x00\x04\x00\x00\x00DES\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\x00Data Encryption Standard (DES)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 f\x00\x00p\x00\x00\x00p\x00\x00\x00p\x00\x00\x00\x0f\x00\x00\x00
\x00\x00\x003DES TWO KEY\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00Two Key Triple DES\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03f\x00\x00\xa8\x00\x00\x00\xa8\x00\x00\x00\xa8\x00\x00\x00\x0f\x00\x00\x00 FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtQueryInformationFile |
FileHandle => 0x0000025c FileInformation => \xd0\x10\x03\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtSetInformationFile |
FileHandle => 0x0000025c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,128 | 588 | NtReadFile |
FileHandle => 0x0000025c |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrLoadDll |
Flags => 1296584 BaseAddress => 0x68000000 FileName => rsaenh.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPAcquireContext FunctionAddress => 0x6800fb46 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPReleaseContext FunctionAddress => 0x6800f017 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenKey FunctionAddress => 0x6800afb1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDeriveKey FunctionAddress => 0x6800d086 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyKey FunctionAddress => 0x68009460 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetKeyParam FunctionAddress => 0x68009638 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetKeyParam FunctionAddress => 0x68009a22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPExportKey FunctionAddress => 0x6800ba24 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPImportKey FunctionAddress => 0x6800bf8a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPEncrypt FunctionAddress => 0x68006c8e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDecrypt FunctionAddress => 0x68007100 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPCreateHash FunctionAddress => 0x680074ba ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashData FunctionAddress => 0x68007e56 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPHashSessionKey FunctionAddress => 0x68007fa0 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDestroyHash FunctionAddress => 0x680082d1 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSignHash FunctionAddress => 0x6800da22 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPVerifySignature FunctionAddress => 0x6800df0a ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGenRandom FunctionAddress => 0x6800d7a7 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetUserKey FunctionAddress => 0x68009562 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetProvParam FunctionAddress => 0x68009e6d ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetProvParam FunctionAddress => 0x68009f9c ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPSetHashParam FunctionAddress => 0x6800a56f ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPGetHashParam FunctionAddress => 0x6800c891 ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateKey FunctionAddress => 0x6800aaae ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CPDuplicateHash FunctionAddress => 0x6800852e ModuleHandle => 0x68000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegOpenKeyExA |
Handle => 0x00000260 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegQueryValueExA |
Handle => 0x00000260 DataLength => 37 ValueName => MachineGuid Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegQueryValueExA |
Handle => 0x00000260 Data => 99d6ed61-80b2-42d4-8c72-45c08cbdb8ae\x00 ValueName => MachineGuid |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegCloseKey |
Handle => 0x00000260 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Cryptography\Offload |
FAILURE | 0x00000002 | |
| 18:34:14,178 | 588 | RegCloseKey |
Handle => 0x00000258 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegOpenKeyExW |
Handle => 0x00000258 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Setup |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegQueryValueExW |
Handle => 0x00000258 Data => ValueName => PrivateHash |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegCloseKey |
Handle => 0x00000258 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows NT\Non-Driver Signing |
FAILURE | 0x00000002 | |
| 18:34:14,178 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Non-Driver Signing |
FAILURE | 0x00000002 | |
| 18:34:14,178 | 588 | LdrLoadDll |
Flags => 1296948 BaseAddress => 0x76c30000 FileName => WINTRUST.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => WinVerifyTrust FunctionAddress => 0x76c32f2c ModuleHandle => 0x76c30000 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegCreateKeyExW |
Handle => 0x00000252 Access => 3 Registry => 0x80000000 Class => SubKey => ftp |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegSetValueExW |
Handle => 0x00000252 Buffer => {\x006\x003\x00d\x00a\x006\x00e\x00c\x000\x00-\x002\x00e\x009\x008\x00-\x001\x001\x00c\x00f\x00-\x008\x00d\x008\x002\x00-\x004\x004\x004\x005\x005\x003\x005\x004\x000\x000\x000\x000\x00}\x00\x00\x00 ValueName => ShellFolder Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegQueryValueExA |
Handle => 0x00000250 DataLength => 0 ValueName => PendingFileRenameOperations Type => 592 |
FAILURE | 0x00000002 | |
| 18:34:14,178 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegQueryValueExA |
Handle => 0x00000250 DataLength => 0 ValueName => PendingFileRenameOperations Type => 592 |
FAILURE | 0x00000002 | |
| 18:34:14,178 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,178 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\RenameFiles |
FAILURE | 0x00000002 | |
| 18:34:14,178 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\DeleteFiles |
FAILURE | 0x00000002 | |
| 18:34:14,178 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\PreConvRenameFiles |
FAILURE | 0x00000002 | |
| 18:34:14,228 | 588 | DeleteFileA |
FileName => C:\DOCUME~1\TDW\LOCALS~1\Temp\RGI1.tmp |
SUCCESS | 0x00000001 | |
| 18:34:14,228 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHChangeNotify FunctionAddress => 0x7ca24909 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,228 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x00000230 FileHandle => 0x00000000 |
SUCCESS | 0x00000000 | |
| 18:34:14,228 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013d400 SectionHandle => 0x00000230 ProcessHandle => 0xffffffff BaseAddress => 0x00f70000 |
SUCCESS | 0x00000000 | |
| 18:34:14,228 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013d420 SectionHandle => 0x00000238 ProcessHandle => 0xffffffff BaseAddress => 0x00f70000 |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCreateKeyExA |
Handle => 0x00000238 Access => 2 Registry => 0x80000002 Class => SubKey => Software\Clients\StartMenuInternet |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegSetValueExA |
Handle => 0x00000238 Buffer => IEXPLORE.EXE\x00 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000001 SubKey => Software\Clients\StartMenuInternet |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegDeleteValueW |
Handle => 0x00000238 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,238 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,238 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,238 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,238 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,238 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegOpenKeyExA | Handle => 0x00000238 Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegQueryValueExW | Handle => 0x00000238 DataLength => 520 ValueName => ListviewScrollOver Type => 1299692 | FAILURE | 0x00000002 | |
| 18:34:14,238 | 588 | RegOpenKeyExA | Handle => 0x00000230 Registry => 0x80000002 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 520 ValueName => ListviewScrollOver Type => 1299692 | FAILURE | 0x00000002 | |
| 18:34:14,238 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegOpenKeyExA | Handle => 0x00000238 Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegQueryValueExW | Handle => 0x00000238 Data => 1 ValueName => ListviewWatermark | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegOpenKeyExA | Handle => 0x00000238 Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegQueryValueExW | Handle => 0x00000238 Data => 1 ValueName => ListviewAlphaSelect | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegOpenKeyExA | Handle => 0x00000238 Registry => 0x80000001 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegQueryValueExW | Handle => 0x00000238 Data => 1 ValueName => ListviewShadow | SUCCESS | 0x00000000 | |
| 18:34:14,238 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,528 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,538 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,538 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,538 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,538 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,538 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,538 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,538 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,538 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,538 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,538 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,548 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,548 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,548 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,548 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,548 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,548 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,548 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,548 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,548 | 588 | GetSystemMetrics | SystemMetricIndex => 72 | SUCCESS | 0x0000000d | |
| 18:34:14,548 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,548 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,558 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,558 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,558 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,558 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,558 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,558 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,558 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,558 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,558 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 72 | SUCCESS | 0x0000000d | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 72 | SUCCESS | 0x0000000d | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000238 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\TypedURLs | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 72 | SUCCESS | 0x0000000d | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,568 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,568 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 72 | SUCCESS | 0x0000000d | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey | Handle => 0x00000238 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 72 | SUCCESS | 0x0000000d | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 4096 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 11 | SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 12 | SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 38 | SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 39 | SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 | FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey | Handle => 0x00000230 | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 0 | SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 1 | SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 32 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 33 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 36 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics | SystemMetricIndex => 37 | SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW | Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW | Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 | FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\TypedURLs |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,578 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,578 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,578 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,588 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,588 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 72 |
SUCCESS | 0x0000000d | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 11 |
SUCCESS | 0x00000020 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 12 |
SUCCESS | 0x00000020 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 38 |
SUCCESS | 0x0000004b | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 39 |
SUCCESS | 0x0000004b | |
| 18:34:14,588 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000238 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => Control Panel\Desktop |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => SmoothScroll Type => 2001087048 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 0 |
SUCCESS | 0x00000320 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 1 |
SUCCESS | 0x00000258 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 32 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 33 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 36 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | GetSystemMetrics |
SystemMetricIndex => 37 |
SUCCESS | 0x00000004 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => software\Microsoft\Windows\CurrentVersion\Explorer\Advanced |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000230 DataLength => 4 ValueName => EnableBalloonTips Type => 2001084784 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetDllHandle |
ModuleHandle => 0x77120000 FileName => OLEAUT32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrLoadDll |
Flags => 1293080 BaseAddress => 0x77120000 FileName => OLEAUT32.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 2 FunctionName => FunctionAddress => 0x77124ba2 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 6 FunctionName => FunctionAddress => 0x77124880 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 334 FunctionName => FunctionAddress => 0x773e0f5a ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 332 FunctionName => FunctionAddress => 0x773e0df4 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 321 FunctionName => FunctionAddress => 0x773e0aa1 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000238 DataLength => 4 ValueName => Security_HKLM_only Type => 1296716 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000238 SubKey => FEATURE_CLOSE_EMPTY_BROWSER_KB920982 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000238 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000238 DataLength => 520 ValueName => EnableHooks Type => 1296752 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | SetWindowsHookExW |
ProcedureAddress => 0x7e2bdd0e HookIdentifier => 7 ModuleAddress => 0x00000000 ThreadId => 588 |
SUCCESS | 0x000500f1 | |
| 18:34:14,588 | 588 | SetWindowsHookExW |
ProcedureAddress => 0x7e32f563 HookIdentifier => 2 ModuleAddress => 0x00000000 ThreadId => 588 |
SUCCESS | 0x000500f5 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Extensions |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegEnumKeyExW |
Index => 0 Handle => 0x00000238 Name => CmdMapping Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegEnumKeyExW |
Index => 1 Handle => 0x00000238 Name => CmdMapping Class => |
FAILURE | 0x00000103 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Extensions |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegEnumKeyExW |
Index => 0 Handle => 0x00000238 Name => {e2e2dd38-d088-4134-82b7-f2ba38496583} Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => {e2e2dd38-d088-4134-82b7-f2ba38496583} |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000230 Data => {\x001\x00F\x00B\x00A\x000\x004\x00E\x00E\x00-\x003\x000\x002\x004\x00-\x001\x001\x00d\x002\x00-\x008\x00F\x001\x00F\x00-\x000\x000\x000\x000\x00F\x008\x007\x00A\x00B\x00D\x001\x006\x00}\x00\x00\x00 ValueName => clsid |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrLoadDll |
Flags => 1296540 BaseAddress => 0x7e1e0000 FileName => urlmon.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetIsFeatureEnabled FunctionAddress => 0x7e1e27c0 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => StringFromGUID2 FunctionAddress => 0x774fde12 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\ |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\ |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2E2DD38-D088-4134-82B7-F2BA38496583} |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2E2DD38-D088-4134-82B7-F2BA38496583} |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCreateKeyExW |
Handle => 0x0000023c Access => 131103 Registry => 0x80000001 Class => SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegSetValueExW |
Handle => 0x0000023c Buffer => 4 ValueName => Type Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x0000023c Data => 2 ValueName => Count |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegSetValueExW |
Handle => 0x0000023c Buffer => 3 ValueName => Count Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegSetValueExW |
Handle => 0x0000023c Buffer => ValueName => Time Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x0000023c |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => StringFromCLSID FunctionAddress => 0x7750ca98 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583} |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x0000023c Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583} |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023c SubKey => Lang0409 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x0000023c DataLength => 520 ValueName => ButtonText Type => 1295108 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x0000023c Data => %\x00w\x00i\x00n\x00d\x00i\x00r\x00%\x00\\x00N\x00e\x00t\x00w\x00o\x00r\x00k\x00 \x00D\x00i\x00a\x00g\x00n\x00o\x00s\x00t\x00i\x00c\x00\\x00x\x00p\x00n\x00e\x00t\x00d\x00i\x00a\x00g\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => Exec |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x0000023c DataLength => 520 ValueName => Script Type => 1296188 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x0000023c Data => @\x00x\x00p\x00s\x00p\x003\x00r\x00e\x00s\x00.\x00d\x00l\x00l\x00,\x00-\x002\x000\x000\x000\x001\x00\x00\x00 ValueName => MenuText |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000240 Registry => 0x00000160 SubKey => MUICache |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000240 Data => ValueName => LangID |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegOpenKeyExW |
Handle => 0x00000250 Registry => 0x00000240 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | RegQueryValueExW |
Handle => 0x00000250 DataLength => 520 ValueName => @xpsp3res.dll,-20001 Type => 1296188 |
FAILURE | 0x00000002 | |
| 18:34:14,588 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => xpsp3res.dll |
FAILURE | 3221225781 | |
| 18:34:14,588 | 588 | NtCreateFile |
ShareAccess => 5 FileName => C:\WINDOWS\system32\xpsp3res.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000244 FileHandle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,588 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013bd68 SectionHandle => 0x00000244 ProcessHandle => 0xffffffff BaseAddress => 0x01020000 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegOpenKeyExW |
Handle => 0x00000244 Registry => 0x00000240 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegSetValueExW |
Handle => 0x00000244 Buffer => D\x00i\x00a\x00g\x00n\x00o\x00s\x00e\x00 \x00C\x00o\x00n\x00n\x00e\x00c\x00t\x00i\x00o\x00n\x00 \x00P\x00r\x00o\x00b\x00l\x00e\x00m\x00s\x00.\x00.\x00.\x00\x00\x00 ValueName => @xpsp3res.dll,-20001 Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000244 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x0000023c DataLength => 520 ValueName => MenuCustomize Type => 1296188 |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x0000023c DataLength => 520 ValueName => MenuStatusBar Type => 1296188 |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegCreateKeyExW |
Handle => 0x00000244 Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Extensions\CmdMapping |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => 8192 ValueName => {e2e2dd38-d088-4134-82b7-f2ba38496583} |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000244 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegEnumKeyExW |
Index => 1 Handle => 0x00000238 Name => {FB5F1910-F110-11d2-BB9E-00C04F795683} Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x00000238 SubKey => {FB5F1910-F110-11d2-BB9E-00C04F795683} |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000230 Data => {\x001\x00F\x00B\x00A\x000\x004\x00E\x00E\x00-\x003\x000\x002\x004\x00-\x001\x001\x00D\x002\x00-\x008\x00F\x001\x00F\x00-\x000\x000\x000\x000\x00F\x008\x007\x00A\x00B\x00D\x001\x006\x00}\x00\x00\x00 ValueName => clsid |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\ |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\ |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB5F1910-F110-11D2-BB9E-00C04F795683} |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FB5F1910-F110-11D2-BB9E-00C04F795683} |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegCreateKeyExW |
Handle => 0x00000244 Access => 131103 Registry => 0x80000001 Class => SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegSetValueExW |
Handle => 0x00000244 Buffer => 4 ValueName => Type Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => 2 ValueName => Count |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegSetValueExW |
Handle => 0x00000244 Buffer => 3 ValueName => Count Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegSetValueExW |
Handle => 0x00000244 Buffer => ValueName => Time Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000244 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegOpenKeyExW |
Handle => 0x00000244 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000244 SubKey => Lang0409 |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => M\x00e\x00s\x00s\x00e\x00n\x00g\x00e\x00r\x00\x00\x00 ValueName => ButtonText |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00M\x00e\x00s\x00s\x00e\x00n\x00g\x00e\x00r\x00\\x00m\x00s\x00m\x00s\x00g\x00s\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => Exec |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 DataLength => 520 ValueName => Script Type => 1296188 |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00 \x00M\x00e\x00s\x00s\x00e\x00n\x00g\x00e\x00r\x00\x00\x00 ValueName => MenuText |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 DataLength => 520 ValueName => MenuCustomize Type => 1296188 |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 DataLength => 520 ValueName => MenuStatusBar Type => 1296188 |
FAILURE | 0x00000002 | |
| 18:34:14,598 | 588 | RegCreateKeyExW |
Handle => 0x00000250 Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Internet Explorer\Extensions\CmdMapping |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 8193 ValueName => {FB5F1910-F110-11d2-BB9E-00C04F795683} |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => Y\x00e\x00s\x00\x00\x00 ValueName => Default Visible |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegEnumKeyExW |
Index => 2 Handle => 0x00000238 Name => {FB5F1910-F110-11d2-BB9E-00C04F795683} Class => |
FAILURE | 0x00000103 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInitializeEx FunctionAddress => 0x774fef7b ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegQueryValueExW |
Handle => 0x00000238 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,598 | 588 | RegOpenKeyExW |
Handle => 0x00000238 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000238 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000238 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x0000023a Registry => 0x000000e6 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023a SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x0000023a |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x0000023a Registry => 0x00000232 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000252 Registry => 0x0000023a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000252 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023a SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000252 Registry => 0x0000023a SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000252 Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023a SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023a SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023a SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000023a SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000252 Registry => 0x00000232 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000252 DataLength => 100 ValueName => AppID Type => 1291616 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x0000023a |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000230 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000230 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000230 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000230 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x000000e6 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x0000023a Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x0000023a SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000252 Registry => 0x00000232 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000252 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000252 Registry => 0x00000232 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000252 Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000252 Registry => 0x0000023a SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000252 DataLength => 100 ValueName => AppID Type => 1291532 |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x0000023a SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000252 Registry => 0x00000232 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000252 Data => B\x00o\x00t\x00h\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000252 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000232 Registry => 0x80000000 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000232 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000232 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | LdrLoadDll |
Flags => 1288392 BaseAddress => 0x7e1e0000 FileName => C:\WINDOWS\system32\urlmon.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x7e1e603a ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x7e1e2eec ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | NtCreateSection |
ObjectAttributes => C:\UrlZonesSM_TDW DesiredAccess => 0x000f0007 SectionHandle => 0x00000230 FileHandle => 0x00000000 |
SUCCESS | 0x40000000 | |
| 18:34:14,608 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013aa00 SectionHandle => 0x00000230 ProcessHandle => 0xffffffff BaseAddress => 0x00f70000 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000250 Registry => 0x80000002 SubKey => System\Setup |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 0 ValueName => SystemSetupInProgress |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000254 Registry => 0x00000250 SubKey => 0 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000254 Registry => 0x00000250 SubKey => 1 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000254 Registry => 0x00000250 SubKey => 2 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegOpenKeyExW |
Handle => 0x00000254 Registry => 0x00000250 SubKey => 3 |
SUCCESS | 0x00000000 | |
| 18:34:14,608 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExW |
Handle => 0x00000254 Registry => 0x00000250 SubKey => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 0 Handle => 0x00000250 Name => 0 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 33 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 1 Handle => 0x00000250 Name => 1 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 219 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x0000024c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => ProxyBypass Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => IntranetName Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => UNCAsIntranet Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x0000024c |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 2 Handle => 0x00000250 Name => 2 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 71 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 3 Handle => 0x00000250 Name => 3 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 1 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 4 Handle => 0x00000250 Name => 4 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 3 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 5 Handle => 0x00000250 Name => 4 Class => |
FAILURE | 0x00000103 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 0 Handle => 0x00000250 Name => 0 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 33 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 1 Handle => 0x00000250 Name => 1 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 219 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x0000024c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => ProxyBypass Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => IntranetName Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => UNCAsIntranet Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x0000024c |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 2 Handle => 0x00000250 Name => 2 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 71 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 3 Handle => 0x00000250 Name => 3 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 1 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 4 Handle => 0x00000250 Name => 4 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 3 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 5 Handle => 0x00000250 Name => 4 Class => |
FAILURE | 0x00000103 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\ |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 0 Handle => 0x00000250 Name => 0 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 33 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 1 Handle => 0x00000250 Name => 1 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 219 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x0000024c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => ProxyBypass Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => IntranetName Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegSetValueExW |
Handle => 0x0000024c Buffer => 1 ValueName => UNCAsIntranet Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x0000024c |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 2 Handle => 0x00000250 Name => 2 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 71 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 3 Handle => 0x00000250 Name => 3 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 1 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 4 Handle => 0x00000250 Name => 4 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4 |
FAILURE | 0x00000002 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 3 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegEnumKeyExW |
Index => 5 Handle => 0x00000250 Name => 4 Class => |
FAILURE | 0x00000103 | |
| 18:34:14,618 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => M\x00y\x00 \x00C\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => Y\x00o\x00u\x00r\x00 \x00c\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:14,618 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => e\x00x\x00p\x00l\x00o\x00r\x00e\x00r\x00.\x00e\x00x\x00e\x00#\x000\x001\x000\x000\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 DataLength => 4 ValueName => MinLevel Type => 1293988 |
FAILURE | 0x00000002 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000254 DataLength => 4 ValueName => MinLevel Type => 1293988 |
FAILURE | 0x00000002 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 DataLength => 4 ValueName => RecommendedLevel Type => 1293992 |
FAILURE | 0x00000002 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000254 DataLength => 4 ValueName => RecommendedLevel Type => 1293992 |
FAILURE | 0x00000002 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000248 Data => 33 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => L\x00o\x00c\x00a\x00l\x00 \x00i\x00n\x00t\x00r\x00a\x00n\x00e\x00t\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00a\x00l\x00l\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00t\x00h\x00a\x00t\x00 \x00a\x00r\x00e\x00 \x00o\x00n\x00 \x00y\x00o\x00u\x00r\x00 \x00o\x00r\x00g\x00a\x00n\x00i\x00z\x00a\x00t\x00i\x00o\x00n\x00'\x00s\x00 \x00i\x00n\x00t\x00r\x00a\x00n\x00e\x00t\x00.\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => s\x00h\x00e\x00l\x00l\x003\x002\x00.\x00d\x00l\x00l\x00#\x000\x000\x001\x008\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 65536 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 66816 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000254 Data => 219 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000248 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegSetValueExW |
Handle => 0x00000248 Buffer => 1 ValueName => ProxyBypass Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegSetValueExW |
Handle => 0x00000248 Buffer => 1 ValueName => IntranetName Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegSetValueExW |
Handle => 0x00000248 Buffer => 1 ValueName => UNCAsIntranet Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000248 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => T\x00r\x00u\x00s\x00t\x00e\x00d\x00 \x00s\x00i\x00t\x00e\x00s\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00t\x00h\x00a\x00t\x00 \x00y\x00o\x00u\x00 \x00t\x00r\x00u\x00s\x00t\x00 \x00n\x00o\x00t\x00 \x00t\x00o\x00 \x00d\x00a\x00m\x00a\x00g\x00e\x00 \x00y\x00o\x00u\x00r\x00 \x00c\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00 \x00o\x00r\x00 \x00d\x00a\x00t\x00a\x00.\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => i\x00n\x00e\x00t\x00c\x00p\x00l\x00.\x00c\x00p\x00l\x00#\x000\x000\x000\x000\x004\x004\x008\x000\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 65536 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 65536 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000254 Data => 71 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00a\x00l\x00l\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00y\x00o\x00u\x00 \x00h\x00a\x00v\x00e\x00n\x00'\x00t\x00 \x00p\x00l\x00a\x00c\x00e\x00d\x00 \x00i\x00n\x00 \x00o\x00t\x00h\x00e\x00r\x00 \x00z\x00o\x00n\x00e\x00s\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => i\x00n\x00e\x00t\x00c\x00p\x00l\x00.\x00c\x00p\x00l\x00#\x000\x000\x001\x003\x001\x003\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 69632 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 69632 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000254 Data => 1 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => R\x00e\x00s\x00t\x00r\x00i\x00c\x00t\x00e\x00d\x00 \x00s\x00i\x00t\x00e\x00s\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00t\x00h\x00a\x00t\x00 \x00c\x00o\x00u\x00l\x00d\x00 \x00p\x00o\x00t\x00e\x00n\x00t\x00i\x00a\x00l\x00l\x00y\x00 \x00d\x00a\x00m\x00a\x00g\x00e\x00 \x00y\x00o\x00u\x00r\x00 \x00c\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00 \x00o\x00r\x00 \x00d\x00a\x00t\x00a\x00.\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => i\x00n\x00e\x00t\x00c\x00p\x00l\x00.\x00c\x00p\x00l\x00#\x000\x000\x000\x000\x004\x004\x008\x001\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 73728 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 73728 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000250 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExA |
Handle => 0x00000254 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegQueryValueExW |
Handle => 0x00000254 Data => 3 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000254 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey |
Handle => 0x00000250 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoUninitialize FunctionAddress => 0x774fee46 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress |
Ordinal => 100 FunctionName => FunctionAddress => 0x7c9ec059 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32 |
SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetUserDefaultUILanguage FunctionAddress => 0x7c813100 ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | LdrLoadDll | Flags => 1297200 BaseAddress => 0x01020000 FileName => xpsp2res.dll | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CreateURLMoniker FunctionAddress => 0x7e1ed381 ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetRunningObjectTable FunctionAddress => 0x7750bc94 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CreateAsyncBindCtxEx FunctionAddress => 0x7e1f5d84 ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RegisterBindStatusCallback FunctionAddress => 0x7e1f5b9b ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\MediaTypeClass | FAILURE | 0x00000002 | |
| 18:34:14,628 | 588 | RegOpenKeyExA | Handle => 0x00000254 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 0 Handle => 0x00000254 DataLength => 0 ValueName => 0 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 1 Handle => 0x00000254 DataLength => 0 ValueName => 1 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 2 Handle => 0x00000254 DataLength => 0 ValueName => 2 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 3 Handle => 0x00000254 DataLength => 0 ValueName => 3 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 4 Handle => 0x00000254 DataLength => 0 ValueName => flash Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 5 Handle => 0x00000254 DataLength => 0 ValueName => xaml Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 6 Handle => 0x00000254 DataLength => 0 ValueName => xbap Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 7 Handle => 0x00000254 DataLength => 0 ValueName => application Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 8 Handle => 0x00000254 DataLength => 0 ValueName => application Type => 1 | FAILURE | 0x00000103 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 0 Handle => 0x00000254 Data => image/gif\x00 ValueName => 0 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 1 Handle => 0x00000254 Data => image/x-xbitmap\x00 ValueName => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 2 Handle => 0x00000254 Data => image/jpeg\x00 ValueName => 2 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 3 Handle => 0x00000254 Data => image/pjpeg\x00 ValueName => 3 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 4 Handle => 0x00000254 Data => application/x-shockwave-flash\x00 ValueName => flash | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 5 Handle => 0x00000254 Data => application/xaml+xml\x00 ValueName => xaml | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 6 Handle => 0x00000254 Data => application/x-ms-xbap\x00 ValueName => xbap | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegEnumValueA | Index => 7 Handle => 0x00000254 Data => application/x-ms-application\x00 ValueName => application | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrLoadDll | Flags => 1288392 BaseAddress => 0x7e1e0000 FileName => URLMON.DLL | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CreateFormatEnumerator FunctionAddress => 0x7e1f83b3 ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegCloseKey | Handle => 0x00000254 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | LdrGetProcedureAddress | Ordinal => 9 FunctionName => FunctionAddress => 0x771248f0 ModuleHandle => 0x77120000 | SUCCESS | 0x00000000 | |
| 18:34:14,628 | 588 | RegOpenKeyExW | Handle => 0x00000254 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Ratings | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegQueryValueExW | Handle => 0x00000254 DataLength => 400 ValueName => Key Type => 1288452 | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000254 | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => UrlMkGetSessionOption FunctionAddress => 0x7e1f49d8 ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegOpenKeyExA | Handle => 0x00000254 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegQueryValueExA | Handle => 0x00000254 DataLength => 4 ValueName => UrlEncoding Type => 596 | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegOpenKeyExA | Handle => 0x00000250 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegQueryValueExA | Handle => 0x00000250 DataLength => 11 ValueName => UrlEncoding Type => 1 | FAILURE | 0x000000ea | |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000250 | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000254 | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegOpenKeyExW | Handle => 0x00000254 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegQueryValueExW | Handle => 0x00000254 DataLength => 4 ValueName => Security_HKLM_only Type => 1283688 | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000254 | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegOpenKeyExW | Handle => 0x00000254 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000254 SubKey => FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386 | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000254 | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:14,638 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:14,638 | 588 | RegOpenKeyExA | Handle => 0x00000256 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\ | SUCCESS | 0x00000000 | |
| 18:34:14,638 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\http\ | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\*\ | FAILURE | 0x00000002 | |
| 18:34:14,638 | 588 | RegCloseKey | Handle => 0x00000256 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | LdrLoadDll | Flags => 1284156 BaseAddress => 0x75cf0000 FileName => mlang.dll | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => ConvertINetUnicodeToMultiByte FunctionAddress => 0x75cf4769 ModuleHandle => 0x75cf0000 | SUCCESS | 0x00000000 | 1 time |
| 18:34:14,648 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetCrackUrlA FunctionAddress => 0x771c7549 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegOpenKeyExW | Handle => 0x00000250 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegQueryValueExW | Handle => 0x00000250 DataLength => 4 ValueName => Security_HKLM_only Type => 1283272 | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegCloseKey | Handle => 0x00000250 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegOpenKeyExW | Handle => 0x00000250 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000250 SubKey => FEATURE_HTTP_USERNAME_PASSWORD_DISABLE | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:14,648 | 588 | RegCloseKey | Handle => 0x00000250 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:14,648 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegOpenKeyExA | Handle => 0x00000250 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegOpenKeyExA | Handle => 0x00000248 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegQueryValueExA | Handle => 0x00000248 DataLength => 260 ValueName => Type => 584 | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegQueryValueExA | Handle => 0x00000248 DataLength => 260 ValueName => Compatible Type => 584 | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegQueryValueExA | Handle => 0x00000248 DataLength => 260 ValueName => Version Type => 584 | FAILURE | 0x00000002 | |
| 18:34:14,648 | 588 | RegOpenKeyExA | Handle => 0x0000024c Registry => 0x00000250 SubKey => UA Tokens | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegOpenKeyExA | Handle => 0x00000258 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegQueryValueExA | Handle => 0x00000258 Data => Mozilla/4.0 (compatible; MSIE 6.0; Win32)\x00 ValueName => User Agent | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegCloseKey | Handle => 0x00000258 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegEnumValueA | Index => 0 Handle => 0x0000024c DataLength => 0 ValueName => Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegEnumValueA | Index => 1 Handle => 0x0000024c DataLength => 0 ValueName => MSN 2.0 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegEnumValueA | Index => 2 Handle => 0x0000024c DataLength => 0 ValueName => MSN 2.5 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,648 | 588 | RegEnumValueA | Index => 3 Handle => 0x0000024c DataLength => 0 ValueName => MSN 2.5 Type => 0 | FAILURE | 0x00000103 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x0000024c | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x00000250 SubKey => Pre Platform | FAILURE | 0x00000002 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 0 Handle => 0x00000000 DataLength => 0 ValueName => MSN 2.5 Type => 0 | FAILURE | 0x00000006 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x00000248 SubKey => Pre Platform | FAILURE | 0x00000002 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 0 Handle => 0x00000000 DataLength => 0 ValueName => MSN 2.5 Type => 0 | FAILURE | 0x00000006 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:14,658 | 588 | RegQueryValueExA | Handle => 0x00000248 DataLength => 260 ValueName => Platform Type => 584 | FAILURE | 0x00000002 | |
| 18:34:14,658 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c800000 FileName => kernel32.dll | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetSystemWow64DirectoryA FunctionAddress => 0x7c821454 ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x0000024c Registry => 0x00000250 SubKey => Post Platform | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 0 Handle => 0x0000024c DataLength => 0 ValueName => SV1 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 1 Handle => 0x0000024c DataLength => 0 ValueName => SV1 Type => 0 | FAILURE | 0x00000103 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x0000024c | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x0000024c Registry => 0x00000248 SubKey => Post Platform | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 0 Handle => 0x0000024c DataLength => 0 ValueName => .NET4.0C Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 1 Handle => 0x0000024c DataLength => 0 ValueName => .NET4.0E Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 2 Handle => 0x0000024c DataLength => 0 ValueName => .NET CLR 2.0.50727 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 3 Handle => 0x0000024c DataLength => 0 ValueName => .NET CLR 3.0.04506.648 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 4 Handle => 0x0000024c DataLength => 0 ValueName => .NET CLR 3.5.21022 Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegEnumValueA | Index => 5 Handle => 0x0000024c DataLength => 0 ValueName => .NET CLR 3.5.21022 Type => 0 | FAILURE | 0x00000103 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x0000024c | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x00000250 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x00000248 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetOpenA FunctionAddress => 0x771c578e ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | InternetOpenA | ProxyBypass => AccessType => 0x00000000 Agent => Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022) Flags => 0x10000000 ProxyName => | SUCCESS | 0x00cc0004 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetSetStatusCallbackA FunctionAddress => 0x771d9064 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetConnectA FunctionAddress => 0x771c3452 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | InternetConnectA | Username => Service => 3 InternetHandle => 0x00cc0004 ServerName => jue0jc.lukodorsai.info Flags => 0x00000000 ServerPort => 80 Password => | SUCCESS | 0x00cc0008 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings | FAILURE | 0x00000002 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => HttpOpenRequestA FunctionAddress => 0x771c2af9 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | HttpOpenRequestA | Flags => 4194304 Path => /dpta5n0tp2 InternetHandle => 0x00cc0008 | SUCCESS | 0x00cc000c | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetQueryOptionA FunctionAddress => 0x771b7190 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\International | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegQueryValueExA | Handle => 0x00000250 DataLength => 80 ValueName => AcceptLanguage Type => 592 | FAILURE | 0x00000002 | |
| 18:34:14,658 | 588 | LdrLoadDll | Flags => 1281308 BaseAddress => 0x75cf0000 FileName => MLANG.dll | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 120 FunctionName => FunctionAddress => 0x75cf58ff ModuleHandle => 0x75cf0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x00000250 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoTaskMemAlloc FunctionAddress => 0x774fd060 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000250 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | FAILURE | 0x00000002 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | FAILURE | 0x00000002 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000258 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegOpenKeyExA | Handle => 0x00000260 Registry => 0x00000258 SubKey => Ranges\ | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegQueryInfoKeyW | MaxClassLength => 0 MaxValueLength => 0 MaxValueNameLength => 0 ValueCount => 0 MaxSubKeyLength => 0 KeyHandle => 0x00000260 SubKeyCount => 0 Class => | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | RegCloseKey | Handle => 0x00000260 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => InternetSetOptionA FunctionAddress => 0x771bb1d8 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | 3 times |
| 18:34:14,658 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => HttpSendRequestA FunctionAddress => 0x771c60a1 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:14,658 | 1304 | socket | type => 2 protocol => 17 af => 2 | SUCCESS | 0x00000274 | |
| 18:34:14,668 | 1304 | bind | ip => 127.0.0.1 socket => 0x00000274 port => 0 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | HttpSendRequestA | RequestHandle => 0x00cc000c Headers => Accept-Language: en-us Accept-Encoding: gzip, deflate PostData => | FAILURE | 0x00000000 | |
| 18:34:14,668 | 1276 | NtDelayExecution | Milliseconds => 1566804069 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | FindWindowW | ClassName => Shell_TrayWnd WindowName => | SUCCESS | 0x00050030 | |
| 18:34:14,668 | 588 | GetSystemMetrics | SystemMetricIndex => 31 | SUCCESS | 0x00000019 | 7 times |
| 18:34:14,668 | 588 | LdrGetProcedureAddress | Ordinal => 195 FunctionName => FunctionAddress => 0x7e2ad401 ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoRegisterClassObject FunctionAddress => 0x77517e90 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x0000028c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegQueryValueExW | Handle => 0x0000028c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegCloseKey | Handle => 0x0000028c | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x0000028c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegQueryValueExW | Handle => 0x0000028c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegCloseKey | Handle => 0x0000028c | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x0000028e Registry => 0x000000e6 SubKey => CLSID\{0002DF01-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000028e SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000292 Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegCloseKey | Handle => 0x0000028e | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x0000028e Registry => 0x00000292 SubKey => CLSID\{0002DF01-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000028e SubKey => InprocServer32 | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000028e SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000296 Registry => 0x0000028e SubKey => LocalServer32 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegQueryValueExW | Handle => 0x00000296 DataLength => 1000 ValueName => LocalServer32 Type => 1568064 | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegCloseKey | Handle => 0x00000296 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000028e SubKey => InprocServer32 | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000028e SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000028e SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000028e SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:14,668 | 588 | RegOpenKeyExW | Handle => 0x00000296 Registry => 0x0000028e SubKey => LocalServer32 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegQueryValueExW | Handle => 0x00000296 Data => "\x00C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00 \x00E\x00x\x00p\x00l\x00o\x00r\x00e\x00r\x00\\x00i\x00e\x00x\x00p\x00l\x00o\x00r\x00e\x00.\x00e\x00x\x00e\x00"\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegCloseKey | Handle => 0x00000296 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | RegCloseKey | Handle => 0x0000028e | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => C:\WINDOWS\system32\winlogon.exe | FAILURE | 3221225781 | 1 time |
| 18:34:14,668 | 1304 | NtDeviceIoControlFile | InputBuffer => FileHandle => 0x00000274 OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04 \x7f\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:14,668 | 1304 | connect | socket => 0x00000274 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrLoadDll | Flags => 23002604 BaseAddress => 0x76ee0000 FileName => RASAPI32.DLL | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasDialW FunctionAddress => 0x76ef68db ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasHangUpW FunctionAddress => 0x76ee8bcd ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasEnumEntriesW FunctionAddress => 0x76ee3ce9 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasGetEntryDialParamsW FunctionAddress => 0x76ee7ad0 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasSetEntryDialParamsW FunctionAddress => 0x76ee917c ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasEditPhonebookEntryW FunctionAddress => 0x76ee6839 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasCreatePhonebookEntryW FunctionAddress => 0x76ee6767 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,688 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasGetErrorStringW FunctionAddress => 0x76ee7d38 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasGetConnectStatusW FunctionAddress => 0x76ee70cb ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasEnumConnectionsW FunctionAddress => 0x76ee2520 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasGetEntryPropertiesW FunctionAddress => 0x76ee9a5b ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasGetCredentialsW FunctionAddress => 0x76eeacb1 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasSetCredentialsW FunctionAddress => 0x76eeb078 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasGetAutodialAddressA FunctionAddress => 0x76eebbe0 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RasSetAutodialAddressA FunctionAddress => 0x76eec044 ModuleHandle => 0x76ee0000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrLoadDll | Flags => 23002452 BaseAddress => 0x76e80000 FileName => RTUTILS.DLL | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => TraceRegisterExA FunctionAddress => 0x76e8212f ModuleHandle => 0x76e80000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => TraceDeregisterA FunctionAddress => 0x76e83ff9 ModuleHandle => 0x76e80000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => TraceDeregisterExA FunctionAddress => 0x76e82d77 ModuleHandle => 0x76e80000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => TracePrintfA FunctionAddress => 0x76e81aad ModuleHandle => 0x76e80000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => TracePrintfExA FunctionAddress => 0x76e819e2 ModuleHandle => 0x76e80000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => TraceDumpExA FunctionAddress => 0x76e8253f ModuleHandle => 0x76e80000 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegCreateKeyExA | Handle => 0x000002dc Access => 983103 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Tracing | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002dc Data => 0 ValueName => EnableConsoleTracing | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegCloseKey | Handle => 0x000002dc | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegOpenKeyExA | Handle => 0x000002e4 Registry => 0x80000002 SubKey => Software\Microsoft\Tracing\RASAPI32 | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 0 ValueName => EnableFileTracing | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 4294901760 ValueName => FileTracingMask | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 0 ValueName => EnableConsoleTracing | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 4294901760 ValueName => ConsoleTracingMask | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 1048576 ValueName => MaxFileSize | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => %windir%\tracing\x00 ValueName => FileDirectory | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 0 ValueName => EnableFileTracing | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 4294901760 ValueName => FileTracingMask | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 0 ValueName => EnableConsoleTracing | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 4294901760 ValueName => ConsoleTracingMask | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => 1048576 ValueName => MaxFileSize | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x000002e4 Data => %windir%\tracing\x00 ValueName => FileDirectory | SUCCESS | 0x00000000 | |
| 18:34:14,698 | 1412 | OpenSCManagerW | MachineName => DatabaseName => DesiredAccess => 2147483648 | SUCCESS | 0x001a2250 | |
| 18:34:14,698 | 1412 | OpenServiceW | ServiceControlManager => 0x001a2250 ServiceName => RASMAN DesiredAccess => 4 | SUCCESS | 0x001a20a8 | |
| 18:34:14,698 | 1412 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => EnableAutodial Type => 68 | FAILURE | 0x00000002 | |
| 18:34:14,698 | 1412 | OpenSCManagerA | MachineName => DatabaseName => DesiredAccess => 2147483648 | SUCCESS | 0x001a2250 | |
| 18:34:14,708 | 588 | LdrLoadDll | Flags => 1300336 BaseAddress => 0x01020000 FileName => xpsp2res.dll | SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000000 SubKey => AppID\iexplore.exe | FAILURE | 0x00000002 | |
| 18:34:14,708 | 588 | RegOpenKeyExW | Handle => 0x000002fc Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\OLE | SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegQueryValueExW | Handle => 0x000002fc DataLength => 256 ValueName => DefaultAccessPermission Type => 1707576 | FAILURE | 0x00000002 | |
| 18:34:14,708 | 588 | RegCloseKey | Handle => 0x000002fc | SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | NtCreateFile | ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x00000304 | SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | NtSetInformationFile | FileHandle => 0x00000304 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:14,708 | 588 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x00000304 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | NtReadFile |
Buffer => FileHandle => 0x00000304 |
SUCCESS | 0x00000103 | |
| 18:34:14,708 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x000002fc ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\ComputerName |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000304 ObjectAttributes => ActiveComputerName |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | NtQueryValueKey |
Information => T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 KeyHandle => 0x00000304 ValueName => ComputerName Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | CreateThread |
ThreadId => 1516 StartRoutine => 0x77e76c7d Parameter => 0x001b1870 CreationFlags => 0 |
SUCCESS | 0x00000300 | |
| 18:34:14,708 | 588 | LdrLoadDll |
Flags => 1301252 BaseAddress => 0x774e0000 FileName => OLE32 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetClassObject FunctionAddress => 0x775156c5 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetMarshalSizeMax FunctionAddress => 0x7752d6c0 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoMarshalInterface FunctionAddress => 0x7750ea71 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoUnmarshalInterface FunctionAddress => 0x7752d7f4 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => StringFromIID FunctionAddress => 0x7754659b ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetPSClsid FunctionAddress => 0x775197f0 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemAlloc FunctionAddress => 0x774fd060 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoCreateInstance FunctionAddress => 0x7750057e ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoReleaseMarshalData FunctionAddress => 0x7750df23 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DcomChannelSetHResult FunctionAddress => 0x7752b1b7 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | CreateThread |
ThreadId => 1592 StartRoutine => 0x774fe43b Parameter => 0x001a4178 CreationFlags => 0 |
SUCCESS | 0x0000030c | |
| 18:34:14,708 | 588 | RegCloseKey |
Handle => 0x00000292 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x00000290 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x00000290 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x00000292 Registry => 0x000000e6 SubKey => CLSID\{0002DF01-0000-0000-C000-000000000046} |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000292 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x0000030e Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegCloseKey |
Handle => 0x00000292 |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x00000292 Registry => 0x0000030e SubKey => CLSID\{0002DF01-0000-0000-C000-000000000046} |
SUCCESS | 0x00000000 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000292 SubKey => InprocServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,708 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000292 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,718 | 588 | RegOpenKeyExW |
Handle => 0x00000312 Registry => 0x00000292 SubKey => LocalServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,718 | 588 | RegQueryValueExW |
Handle => 0x00000312 DataLength => 1000 ValueName => LocalServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:14,738 | 1592 | LdrLoadDll |
Flags => 25100148 BaseAddress => 0x774e0000 FileName => OLE32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 1412 | LdrLoadDll |
Flags => 23002608 BaseAddress => 0x722b0000 FileName => sensapi.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => IsNetworkAlive FunctionAddress => 0x722b1260 ModuleHandle => 0x722b0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 1412 | NtOpenSection |
DesiredAccess => 0x00000004 ObjectAttributes => C:\SENS Information Cache SectionHandle => 0x00000320 |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 1412 | ZwMapViewOfSection |
SectionOffset => 0x015efdc8 SectionHandle => 0x00000320 ProcessHandle => 0xffffffff BaseAddress => 0x00fa0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 588 | RegCloseKey |
Handle => 0x00000312 |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000292 SubKey => InprocServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,738 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000292 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,738 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000292 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:14,738 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000292 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,738 | 588 | RegOpenKeyExW |
Handle => 0x00000312 Registry => 0x00000292 SubKey => LocalServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 588 | RegQueryValueExW |
Handle => 0x00000312 Data => "\x00C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00 \x00E\x00x\x00p\x00l\x00o\x00r\x00e\x00r\x00\\x00i\x00e\x00x\x00p\x00l\x00o\x00r\x00e\x00.\x00e\x00x\x00e\x00"\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 588 | RegCloseKey |
Handle => 0x00000312 |
SUCCESS | 0x00000000 | |
| 18:34:14,738 | 588 | RegCloseKey |
Handle => 0x00000292 |
SUCCESS | 0x00000000 | |
| 18:34:14,748 | 1592 | NtDelayExecution |
Milliseconds => 60000 |
SUCCESS | 0x00000000 | |
| 18:34:14,748 | 588 | RegOpenKeyExA |
Handle => 0x00000290 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:14,748 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => n\x00o\x00\x00\x00 ValueName => FullScreen |
SUCCESS | 0x00000000 | |
| 18:34:14,748 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,748 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013e860 SectionHandle => 0x00000290 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 1412 | NtCreateFile |
ShareAccess => 3 FileName => PIPE\lsarpc DesiredAccess => 0xc0100080 CreateDisposition => 1 FileHandle => 0x0000032c |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 1412 | NtSetInformationFile |
FileHandle => 0x0000032c FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:14,798 | 1412 | NtWriteFile |
Buffer => \x05\x00\x0b\x03\x10\x00\x00\x00H\x00\x00\x00\x01\x00\x00\x00\xb8\x10\xb8\x10\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x0000032c |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 1412 | NtReadFile |
Buffer => FileHandle => 0x0000032c |
SUCCESS | 0x00000103 | |
| 18:34:14,798 | 588 | LdrGetProcedureAddress |
Ordinal => 141 FunctionName => FunctionAddress => 0x7e2d48bd ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Favorites\Links\*.* |
SUCCESS | 0x001b38a0 | |
| 18:34:14,798 | 588 | RegCreateKeyExW |
Handle => 0x00000310 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 588 | RegQueryValueExW |
Handle => 0x00000310 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 588 | RegCloseKey |
Handle => 0x00000310 |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 588 | NtQueryDirectoryFile |
FileName => FileHandle => 0x00000290 FileInformation => h\x00\x00\x00\x00\x00\x00\x00`\xa3M\xbb\xd5I\xcd\x01P\x1e:\xe5|\xa0\xcf\x01`\xda\x99\xbf\xd5I\xcd\x01\xf0 \x11\xe3\xe0\x91\xcf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00.\x00\x00\x00\x00\x00\x00\x00\x88\x00\x00\x00\x00\x00\x00\x00\x00\xcc\x96\xbf\xd5I\xcd\x01\x00\xcc\x96\xbf\xd5I\xcd\x01\x00\xcc\x96\xbf\xd5I\xcd\x01\x00\xcc\x96\xbf\xd5I\xcd\x01w\x00\x00\x00\x00\x00\x00\x00x\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00&\x00\x00\x00\x00\x00\x00\x00\x18\x00C\x00U\x00S\x00T\x00O\x00M\x00~\x001\x00.\x00U\x00R\x00L\x00C\x00u\x00s\x00t\x00o\x00m\x00i\x00z\x00e\x00 \x00L\x00i\x00n\x00k\x00s\x00.\x00u\x00r\x00l\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x000S\x98\xbf\xd5I\xcd\x01 |
SUCCESS | 0x00000000 | |
| 18:34:14,798 | 588 | NtQueryDirectoryFile |
FileName => FileHandle => 0x00000290 FileInformation => |
FAILURE | 2147483654 | |
| 18:34:14,808 | 588 | RegCreateKeyExW |
Handle => 0x00000290 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCreateKeyExW |
Handle => 0x00000290 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCreateKeyExW |
Handle => 0x00000290 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCreateKeyExW |
Handle => 0x00000290 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCreateKeyExW |
Handle => 0x00000290 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCreateKeyExW |
Handle => 0x00000290 Access => 33554432 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00R\x00e\x00c\x00e\x00n\x00t\x00\x00\x00 ValueName => Recent |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCreateKeyExA |
Handle => 0x00000290 Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegSetValueExA |
Handle => 0x00000290 Buffer => ValueName => Order Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,808 | 588 | GetSystemMetrics |
SystemMetricIndex => 57 |
SUCCESS | 0x000000a0 | |
| 18:34:14,808 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:14,808 | 588 | RegOpenKeyExW |
Handle => 0x00000290 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegQueryValueExW |
Handle => 0x00000290 Data => L\x00i\x00n\x00k\x00s\x00\x00\x00 ValueName => LinksFolderName |
SUCCESS | 0x00000000 | |
| 18:34:14,808 | 588 | RegCloseKey |
Handle => 0x00000290 |
SUCCESS | 0x00000000 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 15 times |
| 18:34:14,819 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DrawThemeEdge FunctionAddress => 0x5ad8cfd4 ModuleHandle => 0x5ad70000 |
SUCCESS | 0x00000000 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,819 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | 2 times |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | 2 times |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | 2 times |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 7 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 8 |
SUCCESS | 0x00000003 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | 1 time |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,829 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,859 | 1412 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,859 | 1412 | RegOpenKeyExA |
Handle => 0x00000318 Registry => 0x80000002 SubKey => SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:14,859 | 1412 | RegQueryValueExA |
Handle => 0x00000318 DataLength => 4 ValueName => ProxySettingsPerUser Type => 792 |
FAILURE | 0x00000002 | |
| 18:34:14,859 | 1412 | RegCloseKey |
Handle => 0x00000318 |
SUCCESS | 0x00000000 | |
| 18:34:14,859 | 1412 | LdrLoadDll |
Flags => 23001052 BaseAddress => 0x7c900000 FileName => ntdll.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,859 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RtlConvertSidToUnicodeString FunctionAddress => 0x7c914c35 ModuleHandle => 0x7c900000 |
SUCCESS | 0x00000000 | |
| 18:34:14,859 | 1412 | RegOpenKeyExW |
Handle => 0x00000290 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:14,859 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 15 times |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:14,869 | 588 | GetSystemMetrics |
SystemMetricIndex => 41 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000312 Registry => 0x80000000 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000312 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000312 DataLength => 0 ValueName => LoadWithoutCOM Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegCloseKey |
Handle => 0x00000312 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegCreateKeyExW |
Handle => 0x00000310 Access => 131097 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000310 DataLength => 0 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegCreateKeyExW |
Handle => 0x00000334 Access => 131097 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000334 DataLength => 0 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000338 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000338 DataLength => 4 ValueName => EnforceShellExtensionSecurity Type => 1293552 |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegCloseKey |
Handle => 0x00000338 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegCreateKeyExW |
Handle => 0x00000338 Access => 131097 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000338 DataLength => 4 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 Type => 1293188 |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegCreateKeyExW |
Handle => 0x0000033c Access => 131103 Registry => 0x80000001 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x0000033c Data => ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x00000340 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | NtQueryValueKey |
Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x00000340 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e290000 FileName => shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000340 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000340 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000340 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegQueryValueExW |
Handle => 0x00000340 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000342 Registry => 0x000000e6 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000342 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000346 Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegCloseKey |
Handle => 0x00000342 |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x00000342 Registry => 0x00000346 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,869 | 588 | RegOpenKeyExW |
Handle => 0x0000034a Registry => 0x00000342 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 1412 | RegOpenKeyExA |
Handle => 0x0000034c Registry => 0x00000290 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x0000034a DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x0000034a |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000342 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000342 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x0000034a Registry => 0x00000342 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x0000034a Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x0000034a |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000342 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000342 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000342 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000342 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x0000034a Registry => 0x00000346 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x0000034a DataLength => 100 ValueName => AppID Type => 1293268 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x0000034a |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000342 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 1412 | RegQueryValueExA |
Handle => 0x0000034c Data => 1 ValueName => MigrateProxy |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000346 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x00000344 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x00000344 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000346 Registry => 0x000000e6 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x0000034e Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000346 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000346 Registry => 0x0000034e SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000342 Registry => 0x00000346 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x00000342 DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000342 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000342 Registry => 0x00000346 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x00000342 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000342 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000342 Registry => 0x0000034e SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x00000342 DataLength => 100 ValueName => AppID Type => 1293184 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000342 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000346 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000346 Registry => 0x0000034e SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000346 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000346 Registry => 0x0000034e SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000342 Registry => 0x00000346 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x00000342 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000342 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000346 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000346 Registry => 0x80000000 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000346 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000346 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => EXPLORER.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:14,899 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | LdrLoadDll |
Flags => 1286268 BaseAddress => 0x771b0000 FileName => WININET.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetCrackUrlW FunctionAddress => 0x771f9c6e ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetCreateUrlW FunctionAddress => 0x771f9fab ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | RegQueryValueExW |
Handle => 0x00000344 DataLength => 216 ValueName => Window Title Type => 1979744080 |
FAILURE | 0x00000002 | |
| 18:34:14,899 | 588 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:14,899 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 7 times |
| 18:34:14,909 | 588 | LdrGetProcedureAddress |
Ordinal => 179 FunctionName => FunctionAddress => 0x7e34a538 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x00000344 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{9ba05972-f6a8-11cf-a442-00a0c90a8f39}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | NtQueryValueKey |
Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x00000344 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e290000 FileName => shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | RegQueryValueExW |
Handle => 0x00000344 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | RegOpenKeyExW |
Handle => 0x00000344 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | RegQueryValueExW |
Handle => 0x00000344 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,909 | 588 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCloseKey |
Handle => 0x0000034c |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | LdrLoadDll |
Flags => 23000976 BaseAddress => 0x7c9c0000 FileName => SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetFolderPathW FunctionAddress => 0x7c9eed76 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCreateKeyExW |
Handle => 0x00000340 Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryValueExW |
Handle => 0x00000340 Data => %\x00A\x00L\x00L\x00U\x00S\x00E\x00R\x00S\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => Common AppData |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | LdrLoadDll |
Flags => 22999644 BaseAddress => 0x769c0000 FileName => USERENV.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ExpandEnvironmentStringsForUserW FunctionAddress => 0x769c7733 ModuleHandle => 0x769c0000 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryValueExW |
Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryValueExW |
Handle => 0x00000350 Data => A\x00l\x00l\x00 \x00U\x00s\x00e\x00r\x00s\x00\x00\x00 ValueName => AllUsersProfile |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager\Environment |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryInfoKeyW |
MaxClassLength => 0 MaxValueLength => 124 MaxValueNameLength => 22 ValueCount => 13 MaxSubKeyLength => 0 KeyHandle => 0x00000350 SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 0 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 1 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 2 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 3 Handle => 0x00000350 Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 4 Handle => 0x00000350 Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 5 Handle => 0x00000350 Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 6 Handle => 0x00000350 Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 7 Handle => 0x00000350 Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 8 Handle => 0x00000350 Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 9 Handle => 0x00000350 Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 10 Handle => 0x00000350 Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 11 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 12 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 0 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00c\x00m\x00d\x00.\x00e\x00x\x00e\x00\x00\x00 ValueName => ComSpec |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 1 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00;\x00%\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00S\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00W\x00b\x00e\x00m\x00\x00\x00 ValueName => Path |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 2 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\x00\x00 ValueName => windir |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 3 Handle => 0x00000350 Data => N\x00O\x00\x00\x00 ValueName => FP_NO_HOST_CHECK |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 4 Handle => 0x00000350 Data => W\x00i\x00n\x00d\x00o\x00w\x00s\x00_\x00N\x00T\x00\x00\x00 ValueName => OS |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 5 Handle => 0x00000350 Data => x\x008\x006\x00\x00\x00 ValueName => PROCESSOR_ARCHITECTURE |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 6 Handle => 0x00000350 Data => 1\x005\x00\x00\x00 ValueName => PROCESSOR_LEVEL |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 7 Handle => 0x00000350 Data => x\x008\x006\x00 \x00F\x00a\x00m\x00i\x00l\x00y\x00 \x001\x005\x00 \x00M\x00o\x00d\x00e\x00l\x00 \x001\x000\x007\x00 \x00S\x00t\x00e\x00p\x00p\x00i\x00n\x00g\x00 \x001\x00,\x00 \x00A\x00u\x00t\x00h\x00e\x00n\x00t\x00i\x00c\x00A\x00M\x00D\x00\x00\x00 ValueName => PROCESSOR_IDENTIFIER |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 8 Handle => 0x00000350 Data => 6\x00b\x000\x001\x00\x00\x00 ValueName => PROCESSOR_REVISION |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 9 Handle => 0x00000350 Data => 1\x00\x00\x00 ValueName => NUMBER_OF_PROCESSORS |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 10 Handle => 0x00000350 Data => .\x00C\x00O\x00M\x00;\x00.\x00E\x00X\x00E\x00;\x00.\x00B\x00A\x00T\x00;\x00.\x00C\x00M\x00D\x00;\x00.\x00V\x00B\x00S\x00;\x00.\x00V\x00B\x00E\x00;\x00.\x00J\x00S\x00;\x00.\x00J\x00S\x00E\x00;\x00.\x00W\x00S\x00F\x00;\x00.\x00W\x00S\x00H\x00\x00\x00 ValueName => PATHEXT |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 11 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegEnumValueW |
Index => 12 Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00T\x00E\x00M\x00P\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000350 ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\ComputerName |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | NtOpenKey |
DesiredAccess => 131097 KeyHandle => 0x00000354 ObjectAttributes => ActiveComputerName |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | NtQueryValueKey |
Information => T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 KeyHandle => 0x00000354 ValueName => ComputerName Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryValueExW |
Handle => 0x00000350 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\x00\x00 ValueName => ProfilesDirectory |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryValueExW |
Handle => 0x00000350 Data => D\x00e\x00f\x00a\x00u\x00l\x00t\x00 \x00U\x00s\x00e\x00r\x00\x00\x00 ValueName => DefaultUserProfile |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryValueExW |
Handle => 0x00000350 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => ProgramFilesDir |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegQueryValueExW |
Handle => 0x00000350 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00C\x00o\x00m\x00m\x00o\x00n\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => CommonFilesDir |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 588 | RegOpenKeyExW |
Handle => 0x00000356 Registry => 0x000000e6 SubKey => CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39} |
SUCCESS | 0x00000000 | |
| 18:34:14,939 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000356 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:14,939 | 588 | RegOpenKeyExW |
Handle => 0x0000035a Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrLoadDll |
Flags => 22999044 BaseAddress => 0x5b860000 FileName => netapi32.dll |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsGetDcNameW FunctionAddress => 0x5b86d189 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsGetSiteNameW FunctionAddress => 0x5b87299f ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsRoleGetPrimaryDomainInformation FunctionAddress => 0x5b86cfdd ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DsRoleFreeMemory FunctionAddress => 0x5b86cedd ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetApiBufferFree FunctionAddress => 0x5b867a00 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetUserGetGroups FunctionAddress => 0x5b894df0 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NetUserGetInfo FunctionAddress => 0x5b86acf1 ModuleHandle => 0x5b860000 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | NtWriteFile |
Buffer => \x05\x00\x0e\x03\x10\x00\x00\x00H\x00\x00\x00
\x00\x00\x00\xb8\x10\xb8\x10\x94E\x00\x00\x01\x00\x00\x00\x01\x00\x01\x00j(\x199\x0c\xb1\xd0\x11\x9b\xa8\x00\xc0O\xd9.\xf5\x00\x00\x00\x00\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x00\x00 FileHandle => 0x0000032c |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | NtReadFile |
Buffer => \x05\x00\x02\x03\x10\x00\x00\x000\x00\x00\x00 \x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 FileHandle => 0x0000032c |
SUCCESS | 0x00000103 | |
| 18:34:14,979 | 588 | RegCloseKey |
Handle => 0x00000356 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x00000356 Registry => 0x0000035a SubKey => CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39} |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x0000035e Registry => 0x00000356 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegQueryValueExW |
Handle => 0x0000035e DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegCloseKey |
Handle => 0x0000035e |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000356 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000356 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x0000035e Registry => 0x00000356 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegQueryValueExW |
Handle => 0x0000035e Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegCloseKey |
Handle => 0x0000035e |
SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000356 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000356 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000356 SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000356 SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x0000035e Registry => 0x0000035a SubKey => CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39} | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegQueryValueExW | Handle => 0x0000035e DataLength => 100 ValueName => AppID Type => 1304480 | FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegCloseKey | Handle => 0x0000035e | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegCloseKey | Handle => 0x00000356 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x00000356 Registry => 0x0000035a SubKey => CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39} | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegCloseKey | Handle => 0x00000356 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x00000356 Registry => 0x0000035a SubKey => CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39} | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x0000035e Registry => 0x00000356 SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegQueryValueExW | Handle => 0x0000035e Data => Apartment ValueName => ThreadingModel | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegCloseKey | Handle => 0x0000035e | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegCloseKey | Handle => 0x00000356 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x00000356 Registry => 0x80000000 SubKey => CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39} | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000356 SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:14,979 | 588 | RegCloseKey | Handle => 0x00000356 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoGetClassObject FunctionAddress => 0x775156c5 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegOpenKeyExW | Handle => 0x00000356 Registry => 0x0000035a SubKey => CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39} | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 588 | RegCloseKey | Handle => 0x00000356 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegOpenKeyExW | Handle => 0x0000035c Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegQueryValueExW | Handle => 0x0000035c Data => %SystemDrive%\Documents and Settings\TDW ValueName => ProfileImagePath | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegCloseKey | Handle => 0x0000035c | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegCreateKeyExW | Handle => 0x0000035c Access => 131103 Registry => 0x00000350 Class => SubKey => Software\Microsoft\Windows NT\CurrentVersion\Winlogon | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegQueryValueExW | Handle => 0x0000035c Data => 1 ValueName => ParseAutoexec | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegCloseKey | Handle => 0x0000035c | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | NtCreateFile | ShareAccess => 1 FileName => c:\autoexec.bat DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000035c | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | NtQueryInformationFile | FileHandle => 0x0000035c FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | NtReadFile | Buffer => FileHandle => 0x0000035c | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegOpenKeyExW | Handle => 0x0000035c Registry => 0x00000350 SubKey => Environment | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 0 Handle => 0x0000035c Data => %USERPROFILE%\Local Settings\Temp ValueName => TEMP | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 1 Handle => 0x0000035c Data => %USERPROFILE%\Local Settings\Temp ValueName => TMP | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 2 Handle => 0x0000035c DataLength => 4096 ValueName => TMP Type => 22999204 | FAILURE | 0x00000103 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 0 Handle => 0x0000035c Data => %USERPROFILE%\Local Settings\Temp ValueName => TEMP | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | FindFirstFileExW | FileName => C:\Documents and Settings | SUCCESS | 0x00183cb0 | |
| 18:34:14,979 | 1412 | FindFirstFileExW | FileName => C:\Documents and Settings\TDW\Local Settings | SUCCESS | 0x00183cb0 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 1 Handle => 0x0000035c Data => %USERPROFILE%\Local Settings\Temp ValueName => TMP | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | FindFirstFileExW | FileName => C:\Documents and Settings | SUCCESS | 0x00183cb0 | |
| 18:34:14,979 | 1412 | FindFirstFileExW | FileName => C:\Documents and Settings\TDW\Local Settings | SUCCESS | 0x00183cb0 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 2 Handle => 0x0000035c DataLength => 4096 ValueName => TMP Type => 22999204 | FAILURE | 0x00000103 | |
| 18:34:14,979 | 1412 | RegCloseKey | Handle => 0x0000035c | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegOpenKeyExW | Handle => 0x0000035c Registry => 0x00000350 SubKey => Volatile Environment | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 0 Handle => 0x0000035c Data => \\TURBOPC ValueName => LOGONSERVER | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 1 Handle => 0x0000035c Data => Console ValueName => CLIENTNAME | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 2 Handle => 0x0000035c Data => Console ValueName => SESSIONNAME | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 3 Handle => 0x0000035c Data => C:\Documents and Settings\TDW\Application Data ValueName => APPDATA | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 4 Handle => 0x0000035c Data => C: ValueName => HOMEDRIVE | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 5 Handle => 0x0000035c Data => ValueName => HOMESHARE | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 6 Handle => 0x0000035c Data => \Documents and Settings\TDW ValueName => HOMEPATH | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 7 Handle => 0x0000035c DataLength => 4096 ValueName => HOMEPATH Type => 22999204 | FAILURE | 0x00000103 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 0 Handle => 0x0000035c Data => \\TURBOPC ValueName => LOGONSERVER | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 1 Handle => 0x0000035c Data => Console ValueName => CLIENTNAME | SUCCESS | 0x00000000 | |
| 18:34:14,979 | 1412 | RegEnumValueW | Index => 2 Handle => 0x0000035c Data => Console ValueName => SESSIONNAME | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1516 | CreateThread | ThreadId => 1444 StartRoutine => 0x77e76c7d Parameter => 0x001b5290 CreationFlags => 0 | SUCCESS | 0x00000368 | |
| 18:34:15,019 | 1444 | NtDelayExecution | Milliseconds => 100 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 3 Handle => 0x0000035c Data => C:\Documents and Settings\TDW\Application Data ValueName => APPDATA | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 4 Handle => 0x0000035c Data => C: ValueName => HOMEDRIVE | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 5 Handle => 0x0000035c Data => ValueName => HOMESHARE | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 6 Handle => 0x0000035c Data => \Documents and Settings\TDW ValueName => HOMEPATH | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 7 Handle => 0x0000035c DataLength => 4096 ValueName => HOMEPATH Type => 22999204 | FAILURE | 0x00000103 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x0000035c | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x00000350 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | NtFreeVirtualMemory | FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x00000340 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCreateKeyExW | Handle => 0x00000340 Access => 33554432 Registry => 0x80000002 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegSetValueExW | Handle => 0x00000340 Buffer => C:\Documents and Settings\All Users\Application Data ValueName => Common AppData Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x00000340 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | FindFirstFileExW | FileName => C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk | SUCCESS | 4294967295 | |
| 18:34:15,019 | 1412 | FindFirstFileExW | FileName => C:\WINDOWS\system32\Ras\*.pbk | SUCCESS | 4294967295 | |
| 18:34:15,019 | 1412 | RegOpenKeyExW | Handle => 0x00000340 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCreateKeyExW | Handle => 0x00000350 Access => 33554432 Registry => 0x00000340 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x00000340 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegQueryValueExW | Handle => 0x00000350 Data => %USERPROFILE%\Application Data ValueName => AppData | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegOpenKeyExW | Handle => 0x00000340 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegQueryValueExW | Handle => 0x00000340 Data => %SystemDrive%\Documents and Settings ValueName => ProfilesDirectory | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x00000340 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegOpenKeyExW | Handle => 0x00000340 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegQueryValueExW | Handle => 0x00000340 Data => All Users ValueName => AllUsersProfile | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x00000340 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegOpenKeyExW | Handle => 0x00000340 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Session Manager\Environment | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegQueryInfoKeyW | MaxClassLength => 0 MaxValueLength => 124 MaxValueNameLength => 22 ValueCount => 13 MaxSubKeyLength => 0 KeyHandle => 0x00000340 SubKeyCount => 0 Class => | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 0 Handle => 0x00000340 Data => %SystemRoot%\system32\cmd.exe ValueName => ComSpec | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 1 Handle => 0x00000340 Data => %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem ValueName => Path | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 2 Handle => 0x00000340 Data => %SystemRoot% ValueName => windir | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 3 Handle => 0x00000340 Data => NO ValueName => FP_NO_HOST_CHECK | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 4 Handle => 0x00000340 Data => Windows_NT ValueName => OS | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 5 Handle => 0x00000340 Data => x86 ValueName => PROCESSOR_ARCHITECTURE | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 6 Handle => 0x00000340 Data => 15 ValueName => PROCESSOR_LEVEL | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 7 Handle => 0x00000340 Data => x86 Family 15 Model 107 Stepping 1, AuthenticAMD ValueName => PROCESSOR_IDENTIFIER | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 8 Handle => 0x00000340 Data => 6b01 ValueName => PROCESSOR_REVISION | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 9 Handle => 0x00000340 Data => 1 ValueName => NUMBER_OF_PROCESSORS | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 10 Handle => 0x00000340 Data => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH ValueName => PATHEXT | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 11 Handle => 0x00000340 Data => %SystemRoot%\TEMP ValueName => TEMP | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 12 Handle => 0x00000340 Data => %SystemRoot%\TEMP ValueName => TMP | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 0 Handle => 0x00000340 Data => %SystemRoot%\system32\cmd.exe ValueName => ComSpec | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 1 Handle => 0x00000340 Data => %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem ValueName => Path | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 2 Handle => 0x00000340 Data => %SystemRoot% ValueName => windir | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 3 Handle => 0x00000340 Data => NO ValueName => FP_NO_HOST_CHECK | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 4 Handle => 0x00000340 Data => Windows_NT ValueName => OS | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 5 Handle => 0x00000340 Data => x86 ValueName => PROCESSOR_ARCHITECTURE | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 6 Handle => 0x00000340 Data => 15 ValueName => PROCESSOR_LEVEL | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 7 Handle => 0x00000340 Data => x86 Family 15 Model 107 Stepping 1, AuthenticAMD ValueName => PROCESSOR_IDENTIFIER | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 8 Handle => 0x00000340 Data => 6b01 ValueName => PROCESSOR_REVISION | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 9 Handle => 0x00000340 Data => 1 ValueName => NUMBER_OF_PROCESSORS | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 10 Handle => 0x00000340 Data => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH ValueName => PATHEXT | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 11 Handle => 0x00000340 Data => %SystemRoot%\TEMP ValueName => TEMP | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegEnumValueW | Index => 12 Handle => 0x00000340 Data => %SystemRoot%\TEMP ValueName => TMP | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegCloseKey | Handle => 0x00000340 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x00000340 ObjectAttributes => \Registry\Machine\System\CurrentControlSet\Control\ComputerName | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | NtOpenKey | DesiredAccess => 131097 KeyHandle => 0x0000035c ObjectAttributes => ActiveComputerName | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | NtQueryValueKey | Information => TURBOPC KeyHandle => 0x0000035c ValueName => ComputerName Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegOpenKeyExW | Handle => 0x00000340 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList | SUCCESS | 0x00000000 | |
| 18:34:15,019 | 1412 | RegQueryValueExW | Handle => 0x00000340 Data => %SystemDrive%\Documents and Settings ValueName => ProfilesDirectory | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoGetClassObject FunctionAddress => 0x775156c5 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoGetMarshalSizeMax FunctionAddress => 0x7752d6c0 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoMarshalInterface FunctionAddress => 0x7750ea71 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoUnmarshalInterface FunctionAddress => 0x7752d7f4 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => StringFromIID FunctionAddress => 0x7754659b ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoGetPSClsid FunctionAddress => 0x775197f0 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoTaskMemAlloc FunctionAddress => 0x774fd060 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoTaskMemFree FunctionAddress => 0x774fd044 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoCreateInstance FunctionAddress => 0x7750057e ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoReleaseMarshalData FunctionAddress => 0x7750df23 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => DcomChannelSetHResult FunctionAddress => 0x7752b1b7 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegOpenKeyExW | Handle => 0x0000038a Registry => 0x80000000 SubKey => Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85} | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x0000038a SubKey => ProxyStubClsid32 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegQueryValueExW | Handle => 0x0000038e Data => {00020424-0000-0000-C000-000000000046} ValueName => | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegCloseKey | Handle => 0x0000038a | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegOpenKeyExW | Handle => 0x00000388 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegQueryValueExW | Handle => 0x00000388 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:15,149 | 588 | RegCloseKey | Handle => 0x00000388 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000388 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000388 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000388 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038a Registry => 0x000000e6 SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038a SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038a | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038a Registry => 0x0000038e SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000392 Registry => 0x0000038a SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000392 DataLength => 1000 ValueName => InprocServer32 Type => 1567048 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000392 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038a SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038a SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000392 Registry => 0x0000038a SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000392 Data => oleaut32.dll ValueName => | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000392 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038a SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038a SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038a SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038a SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000392 Registry => 0x0000038e SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000392 DataLength => 100 ValueName => AppID Type => 1299528 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000392 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038a | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x0000038c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038c | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x0000038c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038c | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x000000e6 SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038a Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x0000038a SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000392 Registry => 0x0000038e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000392 DataLength => 1000 ValueName => InprocServer32 Type => 1567048 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000392 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000392 Registry => 0x0000038e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000392 Data => oleaut32.dll ValueName => | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000392 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000392 Registry => 0x0000038a SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000392 DataLength => 100 ValueName => AppID Type => 1299444 | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000392 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x80000000 SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x0000038a SubKey => CLSID\{00020424-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExW | Handle => 0x00000392 Registry => 0x0000038e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExW | Handle => 0x00000392 Data => Both ValueName => ThreadingModel | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x00000392 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrLoadDll | Flags => 1299200 BaseAddress => 0x77120000 FileName => oleaut32.dll | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x7713282d ModuleHandle => 0x77120000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x771216e0 ModuleHandle => 0x77120000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrLoadDll | Flags => 1299524 BaseAddress => 0x77e70000 FileName => C:\WINDOWS\system32\rpcrt4.dll | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RpcRaiseException FunctionAddress => 0x77ea042e ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => IUnknown_QueryInterface_Proxy FunctionAddress => 0x77ef4b52 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => IUnknown_AddRef_Proxy FunctionAddress => 0x77ef5039 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => IUnknown_Release_Proxy FunctionAddress => 0x77ef4ad7 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_QueryInterface FunctionAddress => 0x77ef73ef ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_AddRef FunctionAddress => 0x77ef4876 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_Connect FunctionAddress => 0x77ef773b ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_Disconnect FunctionAddress => 0x77ef4a65 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_Invoke FunctionAddress => 0x77ef4b71 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_IsIIDSupported FunctionAddress => 0x77ef7864 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_CountRefs FunctionAddress => 0x77ef766a ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_DebugServerQueryInterface FunctionAddress => 0x77ef76af ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CStdStubBuffer_DebugServerRelease FunctionAddress => 0x77ef76d6 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrOleAllocate FunctionAddress => 0x77e8a505 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrOleFree FunctionAddress => 0x77e7b635 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrClientCall FunctionAddress => 0x77ef85b5 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrStubCall FunctionAddress => 0x77efa0bc ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrDllGetClassObject FunctionAddress => 0x77ef475d ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrDllCanUnloadNow FunctionAddress => 0x77ef485d ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrStubForwardingFunction FunctionAddress => 0x77ef7711 ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrCStdStubBuffer_Release FunctionAddress => 0x77ef4a2c ModuleHandle => 0x77e70000 | SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => NdrCStdStubBuffer2_Release FunctionAddress => 0x77ef5c45 ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NdrDllRegisterProxy FunctionAddress => 0x77ed3211 ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NdrDllUnregisterProxy FunctionAddress => 0x77ed3491 ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NdrClientCall2 FunctionAddress => 0x77ef44d0 ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NdrStubCall2 FunctionAddress => 0x77ef4005 ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NdrGetUserMarshalInfo FunctionAddress => 0x77e8ec78 ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateProxyFromTypeInfo FunctionAddress => 0x77e8ea5d ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateStubFromTypeInfo FunctionAddress => 0x77e8a0ad ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NdrGetDcomProtocolVersion FunctionAddress => 0x77e9a5f2 ModuleHandle => 0x77e70000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrLoadDll |
Flags => 1299952 BaseAddress => 0x7e720000 FileName => SXS.DLL |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SxsOleAut32MapIIDToProxyStubCLSID FunctionAddress => 0x7e747a8f ModuleHandle => 0x7e720000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExA |
Handle => 0x0000038e Registry => 0x00000072 SubKey => Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExA |
Handle => 0x0000038e Data => {00020424-0000-0000-C000-000000000046}\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SxsOleAut32MapIIDToTLBPath FunctionAddress => 0x7e747b6b ModuleHandle => 0x7e720000 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x00000072 SubKey => Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\Forward |
FAILURE | 0x00000002 | |
| 18:34:15,159 | 588 | RegOpenKeyExA |
Handle => 0x0000038e Registry => 0x80000000 SubKey => Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TypeLib |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExA |
Handle => 0x0000038e Data => {EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExA |
Handle => 0x0000038e Data => 1.1\x00 ValueName => Version |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegCloseKey |
Handle => 0x0000038e |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExA |
Handle => 0x0000038e Registry => 0x80000000 SubKey => TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B} |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegEnumKeyExA |
Index => 0 Handle => 0x0000038e Name => 1.1 Class => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegEnumKeyExA |
Index => 1 Handle => 0x0000038e Name => 1.1 Class => |
FAILURE | 0x00000103 | |
| 18:34:15,159 | 588 | RegOpenKeyExA |
Handle => 0x00000396 Registry => 0x0000038e SubKey => 1.1 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegEnumKeyExA |
Index => 0 Handle => 0x00000396 Name => 0 Class => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExA |
Handle => 0x0000039a Registry => 0x00000396 SubKey => 0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegOpenKeyExA |
Handle => 0x0000039e Registry => 0x0000039a SubKey => win32 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | RegQueryValueExA |
Handle => 0x0000039e Data => C:\WINDOWS\system32\shdocvw.dll\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtCreateFile |
ShareAccess => 1 FileName => C:\WINDOWS\system32\shdocvw.dll DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00\x00\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => PE\x00\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => L\x01\x04\x00\x10\xa1\x02H\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00\x0e! FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => \x08\x01\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => .text\x00\x00\x00\x80\x84\n\x00\x00\x10\x00\x00\x00\x86\n\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00` FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => .data\x00\x00\x000\x1d\x00\x00\x00\xa0\n\x00\x00\x18\x00\x00\x00\x8a\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\xc0 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => .rsrc\x00\x00\x000\x8b\x08\x00\x00\xc0\n\x00\x00\x8c\x08\x00\x00\xa2\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00@ FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => `\x02\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00 \x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => 2#\x00\x80p\x00\x00\x80 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => \x18\xa2 \x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x03\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \xf0"\x00\x80\x90\x00\x00\x80 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => \xa2 \x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x07\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => R\x00E\x00G\x00I\x00N\x00S\x00T\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => "#\x00\x80\xa8\x00\x00\x80 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => (\xa2 \x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x07\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => T\x00Y\x00P\x00E\x00L\x00I\x00B\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => `\x02\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => \xb8\xa2 \x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x01\x00\x00\x00\x18\x07\x00\x80 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => `\x02\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \x04\x00\x00\xe0\x17\x00\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtSetInformationFile |
FileHandle => 0x000003a0 FileInformation => |
SUCCESS | 0x00000000 | 1 time |
| 18:34:15,159 | 588 | NtReadFile |
Buffer => \xb0\xe1\x11\x00\xa0\xa1\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a0 FileInformation => \x00\xe0\x16\x00\x00\x00\x00\x00\x00\xe0\x16\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x000003a4 FileHandle => 0x000003a0 |
SUCCESS | 0x00000000 | |
| 18:34:15,159 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013c9e8 SectionHandle => 0x000003a4 ProcessHandle => 0xffffffff BaseAddress => 0x00fe0000 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExW |
Handle => 0x00000340 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExW |
Handle => 0x00000340 Data => D\x00e\x00f\x00a\x00u\x00l\x00t\x00 \x00U\x00s\x00e\x00r\x00\x00\x00 ValueName => DefaultUserProfile |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExW |
Handle => 0x00000340 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExW |
Handle => 0x00000340 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => ProgramFilesDir |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExW |
Handle => 0x00000340 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00C\x00o\x00m\x00m\x00o\x00n\x00 \x00F\x00i\x00l\x00e\x00s\x00\x00\x00 ValueName => CommonFilesDir |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExW |
Handle => 0x00000340 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExW |
Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExW |
Handle => 0x000003ac Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00D\x00r\x00i\x00v\x00e\x00%\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => ProfileImagePath |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCreateKeyExW |
Handle => 0x000003ac Access => 131103 Registry => 0x00000340 Class => SubKey => Software\Microsoft\Windows NT\CurrentVersion\Winlogon |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExW |
Handle => 0x000003ac Data => 1\x00\x00\x00 ValueName => ParseAutoexec |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | NtCreateFile |
ShareAccess => 1 FileName => c:\autoexec.bat DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | NtQueryInformationFile |
FileHandle => 0x000003ac FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | NtReadFile |
Buffer => FileHandle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExW |
Handle => 0x000003ac Registry => 0x00000340 SubKey => Environment |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 0 Handle => 0x000003ac Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 1 Handle => 0x000003ac Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 2 Handle => 0x000003ac DataLength => 4096 ValueName => TMP Type => 22999204 |
FAILURE | 0x00000103 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 0 Handle => 0x000003ac Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TEMP |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x001bc608 | |
| 18:34:15,169 | 1412 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x001bc608 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 1 Handle => 0x000003ac Data => %\x00U\x00S\x00E\x00R\x00P\x00R\x00O\x00F\x00I\x00L\x00E\x00%\x00\\x00L\x00o\x00c\x00a\x00l\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00e\x00m\x00p\x00\x00\x00 ValueName => TMP |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x001bc608 | |
| 18:34:15,169 | 1412 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x001bc608 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 2 Handle => 0x000003ac DataLength => 4096 ValueName => TMP Type => 22999204 |
FAILURE | 0x00000103 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExW |
Handle => 0x000003ac Registry => 0x00000340 SubKey => Volatile Environment |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 0 Handle => 0x000003ac Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 1 Handle => 0x000003ac Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 2 Handle => 0x000003ac Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 3 Handle => 0x000003ac Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 4 Handle => 0x000003ac Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 5 Handle => 0x000003ac Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 6 Handle => 0x000003ac Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 7 Handle => 0x000003ac DataLength => 4096 ValueName => HOMEPATH Type => 22999204 |
FAILURE | 0x00000103 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 0 Handle => 0x000003ac Data => \\x00\\x00T\x00U\x00R\x00B\x00O\x00P\x00C\x00\x00\x00 ValueName => LOGONSERVER |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 1 Handle => 0x000003ac Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => CLIENTNAME |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 2 Handle => 0x000003ac Data => C\x00o\x00n\x00s\x00o\x00l\x00e\x00\x00\x00 ValueName => SESSIONNAME |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 3 Handle => 0x000003ac Data => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => APPDATA |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 4 Handle => 0x000003ac Data => C\x00:\x00\x00\x00 ValueName => HOMEDRIVE |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 5 Handle => 0x000003ac Data => \x00\x00 ValueName => HOMESHARE |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 6 Handle => 0x000003ac Data => \\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\x00\x00 ValueName => HOMEPATH |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegEnumValueW |
Index => 7 Handle => 0x000003ac DataLength => 4096 ValueName => HOMEPATH Type => 22999204 |
FAILURE | 0x00000103 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x00fc0000 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExW |
Handle => 0x00000350 Registry => 0x80000003 SubKey => S-1-5-21-1935655697-1606980848-1060284298-1003 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCreateKeyExW |
Handle => 0x00000340 Access => 33554432 Registry => 0x00000350 Class => SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegSetValueExW |
Handle => 0x00000340 Buffer => C\x00:\x00\\x00D\x00o\x00c\x00u\x00m\x00e\x00n\x00t\x00s\x00 \x00a\x00n\x00d\x00 \x00S\x00e\x00t\x00t\x00i\x00n\x00g\x00s\x00\\x00T\x00D\x00W\x00\\x00A\x00p\x00p\x00l\x00i\x00c\x00a\x00t\x00i\x00o\x00n\x00 \x00D\x00a\x00t\x00a\x00\x00\x00 ValueName => AppData Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Application Data\Microsoft\Network\Connections\Pbk\*.pbk |
SUCCESS | 4294967295 | |
| 18:34:15,169 | 1412 | RegCreateKeyExA |
Handle => 0x00000344 Access => 2 Registry => 0x00000290 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegSetValueExA |
Handle => 0x00000344 Buffer => 1 ValueName => MigrateProxy Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegOpenKeyExA |
Handle => 0x00000344 Registry => 0x00000290 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 Data => 0 ValueName => ProxyEnable |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 2084 ValueName => ProxyServer Type => 836 |
FAILURE | 0x00000002 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 2084 ValueName => ProxyOverride Type => 836 |
FAILURE | 0x00000002 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 2084 ValueName => AutoConfigURL Type => 836 |
FAILURE | 0x00000002 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCreateKeyExA |
Handle => 0x00000344 Access => 1 Registry => 0x00000290 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 56 ValueName => SavedLegacySettings Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 Data => ValueName => SavedLegacySettings |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCreateKeyExA |
Handle => 0x00000344 Access => 1 Registry => 0x00000290 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 DataLength => 56 ValueName => DefaultConnectionSettings Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegQueryValueExA |
Handle => 0x00000344 Data => ValueName => DefaultConnectionSettings |
SUCCESS | 0x00000000 | |
| 18:34:15,169 | 1412 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCreateKeyExA |
Handle => 0x00000344 Access => 131078 Registry => 0x00000290 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegSetValueExA |
Handle => 0x00000344 Buffer => 0 ValueName => ProxyEnable Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegDeleteValueA |
Handle => 0x00000344 ValueName => ProxyServer |
FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegDeleteValueA |
Handle => 0x00000344 ValueName => ProxyOverride |
FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegDeleteValueA |
Handle => 0x00000344 ValueName => AutoConfigURL |
FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegCloseKey |
Handle => 0x00000344 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCreateKeyExA |
Handle => 0x00000340 Access => 2 Registry => 0x80000005 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegSetValueExA |
Handle => 0x00000340 Buffer => 0 ValueName => ProxyEnable Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCreateKeyExA |
Handle => 0x00000340 Access => 1 Registry => 0x00000290 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegQueryValueExA |
Handle => 0x00000340 DataLength => 56 ValueName => SavedLegacySettings Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegQueryValueExA |
Handle => 0x00000340 Data => ValueName => SavedLegacySettings |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCreateKeyExA |
Handle => 0x00000350 Access => 2 Registry => 0x00000290 Class => SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCloseKey |
Handle => 0x00000340 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegSetValueExA |
Handle => 0x00000350 Buffer => ValueName => SavedLegacySettings Type => 3 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCloseKey |
Handle => 0x00000350 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | LdrLoadDll |
Flags => 23001992 BaseAddress => 0x7e1e0000 FileName => urlmon.dll |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetCreateSecurityManager FunctionAddress => 0x7e1e30e7 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetCreateZoneManager FunctionAddress => 0x7e1e9bd7 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetIsFeatureEnabledForUrl FunctionAddress => 0x7e1ebb5e ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA |
Handle => 0x00000350 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA |
Handle => 0x00000340 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW |
Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegQueryValueExW |
Handle => 0x000003ac DataLength => 4 ValueName => Security_HKLM_only Type => 23000108 |
FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ac SubKey => FEATURE_VALIDATE_URLHOSTNAME | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x00000340 SubKey => Domains\lukodorsai.info | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lukodorsai.info | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegQueryValueExW | Handle => 0x00000350 Data => 1 ValueName => IntranetName | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegQueryValueExW | Handle => 0x00000350 Data => 1 ValueName => ProxyBypass | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => IsHostInProxyBypassList FunctionAddress => 0x771d3350 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA | Handle => 0x000003ac Registry => 0x00000340 SubKey => ProtocolDefaults\ | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegQueryValueExW | Handle => 0x000003ac Data => 3 ValueName => http | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExA | Handle => 0x000003ac Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegQueryValueExW | Handle => 0x000003ac Data => 1 ValueName => 1A10 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegQueryValueExW | Handle => 0x000003ac DataLength => 4 ValueName => Security_HKLM_only Type => 23001876 | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ac SubKey => FEATURE_RESPECT_OBJECTSAFETY_POLICY_KB905547 | FAILURE | 0x00000002 | |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 1412 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:15,179 | 1412 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 1412 | NtQueryInformationFile | FileHandle => 0x00000184 FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | 7 times |
| 18:34:15,179 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SxsOleAut32MapConfiguredClsidToReferenceClsid FunctionAddress => 0x7e745c0d ModuleHandle => 0x7e720000 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegCloseKey | Handle => 0x0000039e | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegCloseKey | Handle => 0x0000039a | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegCloseKey | Handle => 0x00000396 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => SxsOleAut32RedirectTypeLibrary FunctionAddress => 0x7e746129 ModuleHandle => 0x7e720000 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegOpenKeyExA | Handle => 0x0000038e Registry => 0x80000000 SubKey => TypeLib | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegOpenKeyExW | Handle => 0x00000396 Registry => 0x0000038e SubKey => {00020430-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegOpenKeyExA | Handle => 0x0000039a Registry => 0x00000396 SubKey => 2.0 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegOpenKeyExA | Handle => 0x0000039e Registry => 0x0000039a SubKey => 0 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegOpenKeyExW | Handle => 0x000003aa Registry => 0x0000039e SubKey => win32 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegCloseKey | Handle => 0x000003aa | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegCloseKey | Handle => 0x0000039e | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegOpenKeyExW | Handle => 0x0000039e Registry => 0x0000039a SubKey => 0 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegOpenKeyExW | Handle => 0x000003aa Registry => 0x0000039e SubKey => win32 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | RegQueryValueExW | Handle => 0x000003aa Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00t\x00d\x00o\x00l\x00e\x002\x00.\x00t\x00l\x00b\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtCreateFile | ShareAccess => 1 FileName => C:\WINDOWS\system32\stdole2.tlb DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => \x00\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtReadFile | Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00\xb8\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 588 | NtReadFile | Buffer => PE\x00\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtReadFile | Buffer => L\x01\x01\x00\xce)\x02H\x00\x00\x00\x00\x00\x00\x00\x00\xe0\x00\x0f! FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => \xd8\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtReadFile | Buffer => .rsrc\x00\x00\x00`>\x00\x00\x00\x10\x00\x00\x00@\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00@ FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => \xe0\x01\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \xa0\x00\x00\x80 \x00\x00\x80 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => \x18\x02\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \x07\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtReadFile | Buffer => T\x00Y\x00P\x00E\x00L\x00I\x00B\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => \xe0\x01\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => 0\x02\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \x01\x00\x00\x00P\x00\x00\x80 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => \xe0\x01\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \x04\x00\x00\x80\x00\x00\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtSetInformationFile | FileHandle => 0x000003a8 FileInformation => | SUCCESS | 0x00000000 | 1 time |
| 18:34:15,179 | 588 | NtReadFile | Buffer => \xb0\x10\x00\x00@:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtQueryInformationFile | FileHandle => 0x000003a8 FileInformation => \x00P\x00\x00\x00\x00\x00\x00\x00B\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x000003ac FileHandle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,179 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013c6b8 SectionHandle => 0x000003ac ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 1412 | NtQueryInformationFile | FileHandle => 0x00000184 FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | 14 times |
| 18:34:15,209 | 1412 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => EnableAutodial Type => 68 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 1412 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000039e | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000039a | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x00000396 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038c Registry => 0x80000002 SubKey => Software\Microsoft\Rpc | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x0000038c DataLength => 4 ValueName => UDTAlignmentPolicy Type => 2012198480 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038c | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x80000000 SubKey => Interface\{00020400-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000396 Registry => 0x0000038e SubKey => ProxyStubClsid32 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x00000396 Data => {\x000\x000\x000\x002\x000\x004\x002\x000\x00-\x000\x000\x000\x000\x00-\x000\x000\x000\x000\x00-\x00C\x000\x000\x000\x00-\x000\x000\x000\x000\x000\x000\x000\x000\x000\x000\x004\x006\x00}\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x00000396 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x0000038c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038c | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x0000038c Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038c | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x000000e6 SubKey => CLSID\{00020420-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000396 Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x00000396 SubKey => CLSID\{00020420-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000039a Registry => 0x0000038e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x0000039a DataLength => 1000 ValueName => InprocServer32 Type => 1567048 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000039a | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000039a Registry => 0x0000038e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x0000039a Data => o\x00l\x00e\x00a\x00u\x00t\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000039a | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000039a Registry => 0x00000396 SubKey => CLSID\{00020420-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x0000039a DataLength => 100 ValueName => AppID Type => 1299340 | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000039a | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x80000000 SubKey => CLSID\{00020420-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x0000038e SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000038e Registry => 0x00000396 SubKey => CLSID\{00020420-0000-0000-C000-000000000046} | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegOpenKeyExW | Handle => 0x0000039a Registry => 0x0000038e SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegQueryValueExW | Handle => 0x0000039a Data => B\x00o\x00t\x00h\x00\x00\x00 ValueName => ThreadingModel | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000039a | SUCCESS | 0x00000000 | |
| 18:34:15,209 | 588 | RegCloseKey | Handle => 0x0000038e | SUCCESS | 0x00000000 | |
| 18:34:15,219 | 1412 | getaddrinfo | ServiceName => NodeName => jue0jc.lukodorsai.info | FAILURE | 0x00002af9 | |
| 18:34:15,229 | 1444 | CreateThread | ThreadId => 1732 StartRoutine => 0x77e76c7d Parameter => 0x001be590 CreationFlags => 0 | SUCCESS | 0x000003a0 | |
| 18:34:15,229 | 588 | LdrGetProcedureAddress | Ordinal => 177 FunctionName => FunctionAddress => 0x7e34a7d0 ModuleHandle => 0x7e290000 | SUCCESS | 0x00000000 | |
| 18:34:15,229 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c9c0000 FileName => SHELL32.DLL | SUCCESS | 0x00000000 | |
| 18:34:15,229 | 588 | LdrGetProcedureAddress | Ordinal => 640 FunctionName => FunctionAddress => 0x7cabb3b3 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:15,229 | 588 | LdrGetProcedureAddress | Ordinal => 641 FunctionName => FunctionAddress => 0x7cabb3de ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:15,229 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x000003ac FileHandle => 0x00000000 | SUCCESS | 0x00000000 | |
| 18:34:15,229 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013ea1c SectionHandle => 0x000003ac ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,229 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013ea3c SectionHandle => 0x000003a8 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,239 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013ea70 SectionHandle => 0x000003ac ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,239 | 588 | LdrGetProcedureAddress | Ordinal => 103 FunctionName => FunctionAddress => 0x7cab5950 ModuleHandle => 0x7c9c0000 | SUCCESS | 0x00000000 | |
| 18:34:15,239 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x000f0007 SectionHandle => 0x000003a8 FileHandle => 0x00000000 | SUCCESS | 0x00000000 | |
| 18:34:15,239 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013ea8c SectionHandle => 0x000003a8 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,239 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013ea9c SectionHandle => 0x000003a8 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,239 | 588 | ZwMapViewOfSection | SectionOffset => 0x0013eac0 SectionHandle => 0x000003a8 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:15,249 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog | FAILURE | 0x00000002 | |
| 18:34:15,249 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\TravelLog | FAILURE | 0x00000002 | |
| 18:34:15,249 | 588 | FindWindowW | ClassName => MS_AutodialMonitor WindowName => | FAILURE | 0x00000000 | |
| 18:34:15,249 | 588 | FindWindowW | ClassName => MS_WebcheckMonitor WindowName => | SUCCESS | 0x000100a8 | |
| 18:34:15,249 | 588 | RegOpenKeyExA | Handle => 0x000003ac Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:15,249 | 588 | RegQueryValueExW | Handle => 0x000003ac Data => 0 ValueName => ProxyEnable | SUCCESS | 0x00000000 | |
| 18:34:15,249 | 588 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | 1 time |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | 1 time |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | LdrGetDllHandle | ModuleHandle => 0x77f10000 FileName => GDI32 | SUCCESS | 0x00000000 | |
| 18:34:15,259 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetLayout FunctionAddress => 0x77f16b2e ModuleHandle => 0x77f10000 | SUCCESS | 0x00000000 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:15,259 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:15,299 | 1412 | getaddrinfo | ServiceName => NodeName => jue0jc.lukodorsai.info | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 1412 | socket | type => 1 protocol => 6 af => 2 | SUCCESS | 0x000003a8 | |
| 18:34:15,299 | 588 | RegOpenKeyExA | Handle => 0x000003ac Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 588 | RegQueryValueExW | Handle => 0x000003ac Data => 0 ValueName => ProxyEnable | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 588 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 1412 | ioctlsocket | command => 2147772030 socket => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 1412 | bind | ip => 0.0.0.0 socket => 0x000003a8 port => 0 | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 1412 | NtDeviceIoControlFile | InputBuffer => FileHandle => 0x000003a8 OutputBuffer => \x01\x00\x00\x00\x01\x00\x00\x00\x0e\x00\x02\x00\x04\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 1412 | connect | socket => 0x000003a8 | FAILURE | 4294967295 | |
| 18:34:15,299 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000001 | |
| 18:34:15,299 | 1304 | WSARecv | socket => 0x00000274 | SUCCESS | 0x00000000 | |
| 18:34:15,299 | 1412 | send | buffer => ! socket => 0x00000274 | SUCCESS | 0x00000001 | |
| 18:34:28,518 | 588 | RegOpenKeyExW | Handle => 0x000003b8 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | SUCCESS | 0x00000000 | |
| 18:34:28,518 | 588 | RegQueryValueExW | Handle => 0x000003b8 DataLength => 64 ValueName => Tahoma Type => 1302476 | FAILURE | 0x00000002 | |
| 18:34:28,518 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:28,518 | 588 | GetCursorPos | y => 57 x => 577 | SUCCESS | 0x00000001 | |
| 18:34:36,179 | 1304 | select | socket => 0x00000002 | SUCCESS | 0x00000001 | |
| 18:34:36,179 | 1412 | closesocket | socket => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:36,179 | 1412 | OpenSCManagerW | MachineName => DatabaseName => DesiredAccess => 2147483648 | SUCCESS | 0x001bc3c0 | |
| 18:34:36,179 | 1412 | OpenServiceW | ServiceControlManager => 0x001bc3c0 ServiceName => RASMAN DesiredAccess => 4 | SUCCESS | 0x001b55f0 | |
| 18:34:36,189 | 1412 | RegQueryValueExA | Handle => 0x00000044 DataLength => 4 ValueName => EnableAutodial Type => 68 | FAILURE | 0x00000002 | |
| 18:34:36,189 | 1412 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:36,199 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => RevokeBindStatusCallback FunctionAddress => 0x7e1f5a8a ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:36,199 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => HttpQueryInfoA FunctionAddress => 0x771c79c2 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:36,199 | 588 | RegOpenKeyExA | Handle => 0x000003aa Registry => 0x80000000 SubKey => http | SUCCESS | 0x00000000 | |
| 18:34:36,209 | 588 | RegQueryValueExA | Handle => 0x000003aa DataLength => 39 ValueName => ShellFolder Type => 938 | FAILURE | 0x00000002 | |
| 18:34:36,209 | 588 | RegCloseKey | Handle => 0x000003aa | SUCCESS | 0x00000000 | |
| 18:34:36,209 | 588 | LdrGetDllHandle | ModuleHandle => 0x77120000 FileName => OLEAUT32.DLL | SUCCESS | 0x00000000 | |
| 18:34:36,209 | 588 | RegOpenKeyExA | Handle => 0x000003a8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:36,229 | 588 | RegQueryValueExW | Handle => 0x000003a8 DataLength => 4 ValueName => AutoSearch Type => 1285976 | FAILURE | 0x00000002 | |
| 18:34:36,239 | 588 | RegOpenKeyExA | Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:36,239 | 588 | RegQueryValueExW | Handle => 0x000003ac DataLength => 4 ValueName => AutoSearch Type => 1285976 | FAILURE | 0x00000002 | |
| 18:34:36,249 | 588 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:36,249 | 588 | RegCloseKey | Handle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:36,249 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:36,249 | 588 | LdrGetProcedureAddress | Ordinal => 10 FunctionName => FunctionAddress => 0x77124cfd ModuleHandle => 0x77120000 | SUCCESS | 0x00000000 | |
| 18:34:36,249 | 588 | RegOpenKeyExW | Handle => 0x000003a8 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | SUCCESS | 0x00000000 | |
| 18:34:36,249 | 588 | RegCloseKey | Handle => 0x000003a8 | SUCCESS | 0x00000000 | |
| 18:34:36,299 | 588 | LdrLoadDll | Flags => 1290756 BaseAddress => 0x20000000 FileName => xpsp3res.dll | SUCCESS | 0x00000000 | |
| 18:34:36,319 | 588 | LdrLoadDll | Flags => 1288520 BaseAddress => 0x20000000 FileName => C:\WINDOWS\system32\xpsp3res.dll | SUCCESS | 0x00000000 | |
| 18:34:36,319 | 588 | LdrGetProcedureAddress | Ordinal => 336 FunctionName => FunctionAddress => 0x5d0a67fa ModuleHandle => 0x5d090000 | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | RegOpenKeyExW | Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | RegQueryValueExW | Handle => 0x000003ac DataLength => 4 ValueName => Security_HKLM_only Type => 1290160 | FAILURE | 0x00000002 | |
| 18:34:36,339 | 588 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:36,339 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:36,339 | 588 | RegOpenKeyExW | Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl | FAILURE | 0x00000002 | |
| 18:34:36,339 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ac SubKey => FEATURE_ADDRESS_BAR_UPDATING_KB897251 | FAILURE | 0x00000002 | |
| 18:34:36,339 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | 1 time |
| 18:34:36,339 | 588 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | RegCloseKey | Handle => 0x00000000 | FAILURE | 0x00000006 | |
| 18:34:36,339 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | LdrLoadDll | Flags => 1283276 BaseAddress => 0x71800000 FileName => C:\WINDOWS\system32\shdoclc.dll | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | LdrGetProcedureAddress | Ordinal => 150 FunctionName => FunctionAddress => 0x77124c35 ModuleHandle => 0x77120000 | SUCCESS | 0x00000000 | |
| 18:34:36,339 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000000 SubKey => res | FAILURE | 0x00000002 | 1 time |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:36,349 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:36,369 | 588 | LdrGetDllHandle | ModuleHandle => 0x77120000 FileName => OLEAUT32.DLL | SUCCESS | 0x00000000 | |
| 18:34:36,369 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:36,380 | 588 | RegOpenKeyExA | Handle => 0x000003ac Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows | SUCCESS | 0x00000000 | |
| 18:34:36,380 | 588 | RegQueryValueExW | Handle => 0x000003ac DataLength => 520 ValueName => EnableHooks Type => 1279164 | FAILURE | 0x00000002 | |
| 18:34:36,380 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows | FAILURE | 0x00000002 | |
| 18:34:36,380 | 588 | RegCloseKey | Handle => 0x000003ac | SUCCESS | 0x00000000 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 49 | SUCCESS | 0x00000010 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 46 | SUCCESS | 0x00000002 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:36,380 | 588 | GetSystemMetrics | SystemMetricIndex => 50 | SUCCESS | 0x00000010 | |
| 18:34:36,390 | 588 | RegOpenKeyExA | Handle => 0x000003ae Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\ | SUCCESS | 0x00000000 | |
| 18:34:36,400 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\res\ | FAILURE | 0x00000002 | |
| 18:34:36,400 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\*\ | FAILURE | 0x00000002 | |
| 18:34:36,400 | 588 | RegCloseKey | Handle => 0x000003ae | SUCCESS | 0x00000000 | |
| 18:34:36,400 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,400 | 588 | RegOpenKeyExA |
Handle => 0x000003ac Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,400 | 588 | RegQueryValueExA |
Handle => 0x000003ac Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,400 | 588 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:36,400 | 588 | RegOpenKeyExW |
Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,400 | 588 | RegQueryValueExW |
Handle => 0x000003ac Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,400 | 588 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegOpenKeyExW |
Handle => 0x000003ac Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegQueryValueExW |
Handle => 0x000003ac Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegCloseKey |
Handle => 0x000003ac |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegOpenKeyExW |
Handle => 0x000003ae Registry => 0x000000e6 SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ae SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,410 | 588 | RegOpenKeyExW |
Handle => 0x000003aa Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegCloseKey |
Handle => 0x000003ae |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegOpenKeyExW |
Handle => 0x000003ae Registry => 0x000003aa SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,410 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003ae SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,420 | 588 | RegQueryValueExW |
Handle => 0x000003ba DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:36,420 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,420 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ae SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,420 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ae SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,420 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003ae SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,420 | 588 | RegQueryValueExW |
Handle => 0x000003ba Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00h\x00t\x00m\x00l\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,420 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,420 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ae SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:36,420 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ae SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,420 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ae SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,420 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ae SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003aa SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegQueryValueExW |
Handle => 0x000003ba DataLength => 100 ValueName => AppID Type => 1270020 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003ae |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003aa |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003a8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegQueryValueExW |
Handle => 0x000003a8 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003a8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegQueryValueExW |
Handle => 0x000003a8 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003aa Registry => 0x000000e6 SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003ae Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003aa |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003aa Registry => 0x000003ae SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003aa SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegQueryValueExW |
Handle => 0x000003ba DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003aa SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegQueryValueExW |
Handle => 0x000003ba Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00h\x00t\x00m\x00l\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003ae SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegQueryValueExW |
Handle => 0x000003ba DataLength => 100 ValueName => AppID Type => 1269936 |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003aa |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003aa Registry => 0x000003ae SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003aa SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegQueryValueExW |
Handle => 0x000003ba Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003aa |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x000003aa Registry => 0x80000000 SubKey => CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,430 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003aa SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,430 | 588 | RegCloseKey |
Handle => 0x000003aa |
SUCCESS | 0x00000000 | |
| 18:34:36,440 | 588 | LdrLoadDll |
Flags => 1266900 BaseAddress => 0x7dc30000 FileName => C:\WINDOWS\system32\mshtml.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,440 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x7dd1e0d4 ModuleHandle => 0x7dc30000 |
SUCCESS | 0x00000000 | |
| 18:34:36,450 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x7dd17584 ModuleHandle => 0x7dc30000 |
SUCCESS | 0x00000000 | |
| 18:34:36,470 | 588 | LdrLoadDll |
Flags => 1271140 BaseAddress => 0x7e1e0000 FileName => URLMON.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,470 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RegisterFormatEnumerator FunctionAddress => 0x7e1f5c12 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,470 | 588 | RegOpenKeyExW |
Handle => 0x000003a8 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Ratings |
SUCCESS | 0x00000000 | |
| 18:34:36,470 | 588 | RegQueryValueExW |
Handle => 0x000003a8 DataLength => 400 ValueName => Key Type => 1270864 |
FAILURE | 0x00000002 | |
| 18:34:36,480 | 588 | RegCloseKey |
Handle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,480 | 588 | RegOpenKeyExA |
Handle => 0x000003a8 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,480 | 588 | RegQueryValueExA |
Handle => 0x000003a8 DataLength => 4 ValueName => UrlEncoding Type => 936 |
FAILURE | 0x00000002 | |
| 18:34:36,480 | 588 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,480 | 588 | RegQueryValueExA |
Handle => 0x000003b8 DataLength => 11 ValueName => UrlEncoding Type => 1 |
FAILURE | 0x000000ea | |
| 18:34:36,480 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,480 | 588 | RegCloseKey |
Handle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,490 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,490 | 588 | RegOpenKeyExA |
Handle => 0x000003a8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,490 | 588 | RegQueryValueExA |
Handle => 0x000003a8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,490 | 588 | RegCloseKey |
Handle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:36,520 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:36,530 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:36,530 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,530 | 588 | RegOpenKeyExA |
Handle => 0x000003a8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,530 | 588 | RegQueryValueExA |
Handle => 0x000003a8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,530 | 588 | RegCloseKey |
Handle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,530 | 588 | GetSystemMetrics |
SystemMetricIndex => 68 |
SUCCESS | 0x00000004 | |
| 18:34:36,530 | 588 | GetSystemMetrics |
SystemMetricIndex => 69 |
SUCCESS | 0x00000004 | |
| 18:34:36,540 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:36,540 | 588 | GetSystemMetrics |
SystemMetricIndex => 3 |
SUCCESS | 0x00000011 | |
| 18:34:36,540 | 588 | GetSystemMetrics |
SystemMetricIndex => 21 |
SUCCESS | 0x00000011 | |
| 18:34:36,540 | 588 | GetSystemMetrics |
SystemMetricIndex => 20 |
SUCCESS | 0x00000011 | |
| 18:34:36,540 | 588 | GetSystemMetrics |
SystemMetricIndex => 10 |
SUCCESS | 0x00000011 | |
| 18:34:36,540 | 588 | GetSystemMetrics |
SystemMetricIndex => 9 |
SUCCESS | 0x00000011 | |
| 18:34:36,540 | 588 | RegOpenKeyExW |
Handle => 0x000003a8 Registry => 0x80000001 SubKey => Control Panel\International |
SUCCESS | 0x00000000 | |
| 18:34:36,540 | 588 | RegQueryValueExA |
Handle => 0x000003a8 Data => 1\x00 ValueName => NumShape |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | RegCloseKey |
Handle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetSystemWindowsDirectoryW FunctionAddress => 0x7c80adb9 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateActCtxW FunctionAddress => 0x7c8154ec ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\WINDOWS\WindowsShell.manifest |
FAILURE | 3221225781 | |
| 18:34:36,550 | 588 | NtCreateFile |
ShareAccess => 5 FileName => C:\WINDOWS\WindowsShell.manifest DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x000003a8 FileHandle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,550 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00134b44 SectionHandle => 0x000003a8 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,640 | 588 | NtOpenFile |
ShareAccess => 1 FileName => C:\WINDOWS\WindowsShell.manifest DesiredAccess => 0x001200a9 FileHandle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,640 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x00000004 SectionHandle => 0x000003b8 FileHandle => 0x000003a8 |
SUCCESS | 0x00000000 | |
| 18:34:36,640 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00000000 SectionHandle => 0x000003b8 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,640 | 588 | NtQueryInformationFile |
FileHandle => 0x000003a8 FileInformation => \x00\x10\x00\x00\x00\x00\x00\x00\xed\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,640 | 588 | NtOpenFile |
ShareAccess => 1 FileName => C:\WINDOWS\WindowsShell.Config DesiredAccess => 0x001200a9 FileHandle => 0x00000000 |
FAILURE | 3221225524 | |
| 18:34:36,660 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ActivateActCtx FunctionAddress => 0x7c80a6d4 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrLoadDll |
Flags => 1265324 BaseAddress => 0x773d0000 FileName => comctl32.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DeactivateActCtx FunctionAddress => 0x7c80a705 ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrGetDllHandle |
ModuleHandle => 0x77120000 FileName => OLEAUT32 |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrLoadDll |
Flags => 1266368 BaseAddress => 0x77120000 FileName => OLEAUT32.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrGetProcedureAddress |
Ordinal => 201 FunctionName => FunctionAddress => 0x77124dd6 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrGetDllHandle |
ModuleHandle => 0x774e0000 FileName => ole32.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,660 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateErrorInfo FunctionAddress => 0x77546b49 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetErrorInfo FunctionAddress => 0x7752993a ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SetErrorInfo FunctionAddress => 0x774feeaa ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetProcedureAddress |
Ordinal => 6 FunctionName => FunctionAddress => 0x77124880 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ReleaseActCtx FunctionAddress => 0x7c8130ef ModuleHandle => 0x7c800000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrLoadDll |
Flags => 1258248 BaseAddress => 0x7e1e0000 FileName => urlmon.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetParseUrl FunctionAddress => 0x7e1eceac ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,670 | 588 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegQueryValueExA |
Handle => 0x000003b8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,670 | 588 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegQueryValueExA |
Handle => 0x000003b8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetDllHandle |
ModuleHandle => 0x20000000 FileName => C:\WINDOWS\system32\xpsp3res.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrLoadDll |
Flags => 1257772 BaseAddress => 0x20000000 FileName => C:\WINDOWS\system32\xpsp3res.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateAsyncBindCtxEx FunctionAddress => 0x7e1f5d84 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FindMimeFromData FunctionAddress => 0x7e20f104 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegOpenKeyExA |
Handle => 0x000003ba Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegQueryValueExA |
Handle => 0x000003ba Data => text/html\x00 ValueName => Content Type |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,670 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\text/html |
FAILURE | 0x00000002 | |
| 18:34:36,670 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\text/html |
FAILURE | 0x00000002 | |
| 18:34:36,670 | 588 | FindWindowW |
ClassName => MS_AutodialMonitor WindowName => |
FAILURE | 0x00000000 | |
| 18:34:36,670 | 588 | FindWindowW |
ClassName => MS_WebcheckMonitor WindowName => |
SUCCESS | 0x000100a8 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003b8 Data => 0 ValueName => ProxyEnable |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003b8 Data => 0 ValueName => ProxyEnable |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExA |
Handle => 0x000003b8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetIsFeatureEnabled FunctionAddress => 0x7e1e27c0 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x000003ba Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\ |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\about\ |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000000 SubKey => PROTOCOLS\Name-Space Handler\*\ |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExA |
Handle => 0x000003b8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExA |
Handle => 0x000003b8 Data => {3050F406-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003b8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003b8 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003b8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003b8 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003b8 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000000e6 SubKey => CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ba SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003aa Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003aa SubKey => CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003be Registry => 0x000003ba SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003be DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003be |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003be Registry => 0x000003ba SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003be Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00h\x00t\x00m\x00l\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003be |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003be Registry => 0x000003aa SubKey => CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003be DataLength => 100 ValueName => AppID Type => 1254660 |
FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003be |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003ba Registry => 0x000003aa SubKey => CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW |
Handle => 0x000003be Registry => 0x000003ba SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW |
Handle => 0x000003be Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003be |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey |
Handle => 0x000003ba |
SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x80000000 SubKey => CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B} | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x000003b8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExA | Handle => 0x000003b8 Data => {3050F406-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x00000258 SubKey => Domains\internet | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x000003b8 Registry => 0x00000258 SubKey => ProtocolDefaults\ | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW | Handle => 0x000003b8 DataLength => 4 ValueName => about Type => 1257252 | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x000003bc Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\ | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW | Handle => 0x000003bc DataLength => 4 ValueName => about Type => 1257252 | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegQueryValueExW | Handle => 0x000003b8 DataLength => 4 ValueName => * Type => 1257252 | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegQueryValueExW | Handle => 0x000003bc DataLength => 4 ValueName => * Type => 1257252 | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegCloseKey | Handle => 0x000003bc | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x000003b8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExW | Handle => 0x000003b8 Data => 0 ValueName => 2100 | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExA | Handle => 0x000003b8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegQueryValueExA | Handle => 0x000003b8 DataLength => 4 ValueName => IsTextPlainHonored Type => 952 | FAILURE | 0x00000002 | |
| 18:34:36,700 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,700 | 588 | RegOpenKeyExW | Handle => 0x000003b8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegQueryValueExW | Handle => 0x000003b8 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003b8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegQueryValueExW | Handle => 0x000003b8 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x000000e6 SubKey => CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13} | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003be Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x000003be SubKey => CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13} | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003c2 Registry => 0x000003ba SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegQueryValueExW | Handle => 0x000003c2 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003c2 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003c2 Registry => 0x000003ba SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegQueryValueExW | Handle => 0x000003c2 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00h\x00t\x00m\x00l\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003c2 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003c2 Registry => 0x000003be SubKey => CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13} | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegQueryValueExW | Handle => 0x000003c2 DataLength => 100 ValueName => AppID Type => 1251052 | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003c2 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x000003be SubKey => CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13} | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x000003be SubKey => CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13} | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003c2 Registry => 0x000003ba SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegQueryValueExW | Handle => 0x000003c2 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003c2 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x80000000 SubKey => CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13} | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 68 | SUCCESS | 0x00000004 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 69 | SUCCESS | 0x00000004 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 2 | SUCCESS | 0x00000011 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 3 | SUCCESS | 0x00000011 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 21 | SUCCESS | 0x00000011 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 20 | SUCCESS | 0x00000011 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 10 | SUCCESS | 0x00000011 | |
| 18:34:36,710 | 588 | GetSystemMetrics | SystemMetricIndex => 9 | SUCCESS | 0x00000011 | |
| 18:34:36,710 | 588 | RegOpenKeyExW | Handle => 0x000003b8 Registry => 0x80000001 SubKey => Control Panel\International | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegQueryValueExA | Handle => 0x000003b8 Data => 1\x00 ValueName => NumShape | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetSystemWindowsDirectoryW FunctionAddress => 0x7c80adb9 ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | LdrGetDllHandle | ModuleHandle => 0x7c800000 FileName => KERNEL32.DLL | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CreateActCtxW FunctionAddress => 0x7c8154ec ModuleHandle => 0x7c800000 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => C:\WINDOWS\WindowsShell.manifest | FAILURE | 3221225781 | |
| 18:34:36,710 | 588 | NtCreateFile | ShareAccess => 5 FileName => C:\WINDOWS\WindowsShell.manifest DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x000003c0 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x000003b8 FileHandle => 0x000003c0 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | ZwMapViewOfSection | SectionOffset => 0x001311b8 SectionHandle => 0x000003b8 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | NtOpenFile | ShareAccess => 1 FileName => C:\WINDOWS\WindowsShell.manifest DesiredAccess => 0x001200a9 FileHandle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | NtCreateSection | ObjectAttributes => DesiredAccess => 0x00000004 SectionHandle => 0x000003c0 FileHandle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | ZwMapViewOfSection | SectionOffset => 0x00000000 SectionHandle => 0x000003c0 ProcessHandle => 0xffffffff BaseAddress => 0x00fc0000 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | NtQueryInformationFile | FileHandle => 0x000003b8 FileInformation => \x00\x10\x00\x00\x00\x00\x00\x00\xed\x02\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:36,710 | 588 | NtOpenFile | ShareAccess => 1 FileName => C:\WINDOWS\WindowsShell.Config DesiredAccess => 0x001200a9 FileHandle => 0x00000000 | FAILURE | 3221225524 | |
| 18:34:36,720 | 588 | NtOpenKey | DesiredAccess => 2147483648 KeyHandle => 0x000003c0 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003 | SUCCESS | 0x00000000 | |
| 18:34:36,720 | 588 | NtOpenKey | DesiredAccess => 2147483648 KeyHandle => 0x000003c0 ObjectAttributes => \REGISTRY\USER\S-1-5-21-1935655697-1606980848-1060284298-1003\Software\Microsoft\Windows NT\CurrentVersion\Windows | SUCCESS | 0x00000000 | |
| 18:34:36,720 | 588 | NtQueryValueKey | KeyHandle => 0x000003b8 ValueName => DragScrollInset | FAILURE | 3221225524 | |
| 18:34:36,720 | 588 | NtQueryKey | KeyInformationClass => 0 KeyHandle => 0x000003c0 KeyInformation => \xef\xff\xa0\xef\xfe\xb9$\x13\xef\xff\xb2\xef\xfe\x91\xef\xff\x8f\x01\x00\x00\x00\x00\x0e\x00\x00\x00W\x00i\x00n\x00d\x00 | FAILURE | 2147483653 | |
| 18:34:36,720 | 588 | NtQueryValueKey | KeyHandle => 0x000003b8 ValueName => DragScrollDelay | FAILURE | 3221225524 | |
| 18:34:36,720 | 588 | NtQueryKey | KeyInformationClass => 0 KeyHandle => 0x000003c0 KeyInformation => \xef\xff\xa0\xef\xfe\xb9$\x13\xef\xff\xb2\xef\xfe\x91\xef\xff\x8f\x01\x00\x00\x00\x00\x0e\x00\x00\x00W\x00i\x00n\x00d\x00 | FAILURE | 2147483653 | |
| 18:34:36,720 | 588 | NtQueryValueKey | KeyHandle => 0x000003b8 ValueName => DragDelay | FAILURE | 3221225524 | |
| 18:34:36,720 | 588 | NtQueryKey | KeyInformationClass => 0 KeyHandle => 0x000003c0 KeyInformation => \xef\xff\xa0\xef\xfe\xb9$\x13\xef\xff\xb2\xef\xfe\x91\xef\xff\x8f\x01\x00\x00\x00\x00\x0e\x00\x00\x00W\x00i\x00n\x00d\x00 | FAILURE | 2147483653 | |
| 18:34:36,720 | 588 | NtQueryValueKey | KeyHandle => 0x000003b8 ValueName => DragScrollInterval | FAILURE | 3221225524 | |
| 18:34:36,720 | 588 | ReadProcessMemory | Buffer => \x00\x00@\x00 ProcessHandle => 0xffffffff BaseAddress => 0x7ffde008 | SUCCESS | 0x00000001 | |
| 18:34:36,720 | 588 | ReadProcessMemory | Buffer => \x90\x1e&\x00 ProcessHandle => 0xffffffff BaseAddress => 0x7ffde00c | SUCCESS | 0x00000001 | |
| 18:34:36,720 | 588 | ReadProcessMemory | Buffer => \xc8\x1e&\x00 ProcessHandle => 0xffffffff BaseAddress => 0x00261ea4 | SUCCESS | 0x00000001 | |
| 18:34:36,720 | 588 | ReadProcessMemory | Buffer => \x18\x1f&\x00\x9c\x1e&\x00 \x1f&\x00\xa4\x1e&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00Q$@\x00\x00\x90\x01\x00^\x00`\x00\xb4\x05\x02\x00\x18\x00\x1a\x00\xfa\x05\x02\x00\x00P\x00\x00\xff\xff\x00\x00d+&\x00\xa0\xb2\x97\|%R\x02H\x00\x00\x00\x00\x00\x00\x00\x00 ProcessHandle => 0xffffffff BaseAddress => 0x00261ec0 | SUCCESS | 0x00000001 | |
| 18:34:36,720 | 588 | ReadProcessMemory | Buffer => i\x00e\x00x\x00p\x00l\x00o\x00r\x00e\x00.\x00e\x00x\x00e\x00\x00\x00 ProcessHandle => 0xffffffff BaseAddress => 0x000205fa | SUCCESS | 0x00000001 | |
| 18:34:36,720 | 588 | RegOpenKeyExW | Handle => 0x000003b8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegQueryValueExW | Handle => 0x000003b8 DataLength => 4 ValueName => NoFileMenu Type => 1250248 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003b8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegQueryValueExW | Handle => 0x000003b8 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003b8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegQueryValueExW | Handle => 0x000003b8 Data => ValueName => REGDBVersion | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003b8 | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x000000e6 SubKey => CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8} | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003c6 Registry => 0x000000e6 SubKey => | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x000003c6 SubKey => CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8} | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003ca Registry => 0x000003ba SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegQueryValueExW | Handle => 0x000003ca DataLength => 1000 ValueName => InprocServer32 Type => 1567048 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003ca | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocServerX86 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003ca Registry => 0x000003ba SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegQueryValueExW | Handle => 0x000003ca Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003ca | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegOpenKeyExW | Handle => 0x000003ca Registry => 0x000003c6 SubKey => CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8} | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegQueryValueExW | Handle => 0x000003ca DataLength => 100 ValueName => AppID Type => 1250912 | FAILURE | 0x00000002 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003ca | SUCCESS | 0x00000000 | |
| 18:34:36,730 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x000003c6 SubKey => CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8} | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003ca Registry => 0x000003ba SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003ca Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003ca | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003ba Registry => 0x80000000 SubKey => CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8} | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003ba SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003ba | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Internet Explorer\Security\Floppy Access | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Internet Explorer\Security\Adv AddrBar Spoof Detection | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Internet Explorer\Printing | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoInternetCreateSecurityManager FunctionAddress => 0x7e1e30e7 ModuleHandle => 0x7e1e0000 | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003b8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003c8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003cc Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExA | Handle => 0x000003cc Data => {3050F406-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003cc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003cc Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExA | Handle => 0x000003cc Data => {3050F406-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003cc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003cc Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExA | Handle => 0x000003cc Data => {3050F406-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003cc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x000003c8 SubKey => Domains\blank | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blank | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003cc Registry => 0x000003c8 SubKey => ProtocolDefaults\ | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003cc DataLength => 4 ValueName => about Type => 1241668 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003d0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\ | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003d0 DataLength => 4 ValueName => about Type => 1241668 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003cc DataLength => 4 ValueName => * Type => 1241668 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003d0 DataLength => 4 ValueName => * Type => 1241668 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003d0 | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003cc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003cc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003d0 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => ProgIDFromCLSID FunctionAddress => 0x77553f02 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003da Registry => 0x000003be SubKey => CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13} | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003de Registry => 0x000003da SubKey => Progid | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003de Data => h\x00t\x00m\x00l\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003de | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003da | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003d8 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003d8 DataLength => 4 ValueName => UrlEncoding Type => 1257144 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExA | Handle => 0x000003dc Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 22 ValueName => UrlEncoding Type => 1 | FAILURE | 0x000000ea | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003dc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003d8 | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003d8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003d8 DataLength => 50 ValueName => Show_FullURL Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003d8 DataLength => 50 ValueName => SmartDithering Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003d8 DataLength => 4 ValueName => RtfConverterFlags Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003dc Registry => 0x000003d8 SubKey => Main | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Page_Transitions Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc Data => y\x00e\x00s\x00\x00\x00 ValueName => Use_DlgBox_Colors | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc Data => y\x00e\x00s\x00\x00\x00 ValueName => Anchor Underline | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => CSS_Compat Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Expand Alt Text Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc Data => y\x00e\x00s\x00\x00\x00 ValueName => Display Inline Images | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Display Inline Videos Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Play_Background_Sounds Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Play_Animations Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Print_Background Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Use Stylesheets Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => SmoothScroll Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Show image placeholders Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc Data => y\x00e\x00s\x00\x00\x00 ValueName => Disable Script Debugger | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => DisableScriptDebuggerIE Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Move System Caret Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Force Offscreen Composition Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Enable AutoImageResize Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Q051873 Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => UseThemes Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => UseHR Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Q300829 Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Disable_Local_Machine_Navigate Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Cleanup HTCs Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Q331869 Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => AlwaysAllowExecCommand Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003dc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003dc Registry => 0x000003d8 SubKey => International | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 4 ValueName => Default_CodePage Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => AutoDetect Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003dc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003dc Registry => 0x000003d8 SubKey => International\Scripts | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Default_IEFontSize Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003dc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003dc Registry => 0x000003d8 SubKey => Settings | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc Data => 0\x00,\x000\x00,\x002\x005\x005\x00\x00\x00 ValueName => Anchor Color | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc Data => 1\x002\x008\x00,\x000\x00,\x001\x002\x008\x00\x00\x00 ValueName => Anchor Color Visited | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Anchor Color Hover Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Always Use My Colors Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Always Use My Font Size Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Always Use My Font Face Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc Data => N\x00o\x00\x00\x00 ValueName => Use Anchor Hover Color | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 4 ValueName => MiscFlags Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003dc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003d8 SubKey => Styles | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003d8 | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003d8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003d8 SubKey => Policies\ActiveDesktop | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003dc Registry => 0x000003d8 SubKey => Policies | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => Allow Programmatic Cut_Copy_Paste Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,740 | 588 | RegCloseKey | Handle => 0x000003dc | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegOpenKeyExW | Handle => 0x000003dc Registry => 0x000003d8 SubKey => Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:36,740 | 588 | RegQueryValueExW | Handle => 0x000003dc DataLength => 50 ValueName => DisableCachingOfSSLPages Type => 1252312 | FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegCloseKey | Handle => 0x000003dc | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey | Handle => 0x000003d8 | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => EXPLORER.EXE | FAILURE | 3221225781 | 1 time |
| 18:34:36,750 | 588 | LdrGetDllHandle | ModuleHandle => 0x00400000 FileName => IEXPLORE.EXE | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExW | Handle => 0x000003d8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x000003d8 SubKey => MenuExt | FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegCloseKey | Handle => 0x000003d8 | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExW | Handle => 0x000003d8 Registry => 0x80000002 SubKey => System\CurrentControlSet\Control\Nls\CodePage | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExW | Handle => 0x000003d8 Data => c\x00_\x009\x005\x000\x00.\x00n\x00l\x00s\x00\x00\x00 ValueName => 950 | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey | Handle => 0x000003d8 | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExW | Handle => 0x000003d8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExW | Handle => 0x000003dc Registry => 0x000003d8 SubKey => International\Scripts\3 | SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExW |
Handle => 0x000003dc DataLength => 50 ValueName => IEFontSize Type => 1252324 |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegQueryValueExW |
Handle => 0x000003dc Data => T\x00i\x00m\x00e\x00s\x00 \x00N\x00e\x00w\x00 \x00R\x00o\x00m\x00a\x00n\x00\x00\x00 ValueName => IEPropFontName |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExW |
Handle => 0x000003dc Data => C\x00o\x00u\x00r\x00i\x00e\x00r\x00 \x00N\x00e\x00w\x00\x00\x00 ValueName => IEFixedFontName |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003dc |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\International |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExA |
Handle => 0x000003d8 DataLength => 256 ValueName => AcceptLanguage Type => 984 |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExW |
Handle => 0x000003d8 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Version Vector |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegEnumValueW |
Index => 0 Handle => 0x000003d8 Data => 1\x00.\x000\x00\x00\x00 ValueName => VML |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegEnumValueW |
Index => 1 Handle => 0x000003d8 Data => 6\x00.\x000\x000\x000\x000\x00\x00\x00 ValueName => IE |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegEnumValueW |
Index => 2 Handle => 0x000003d8 DataLength => 256 ValueName => IE Type => 1256820 |
FAILURE | 0x00000103 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CreateURLMoniker FunctionAddress => 0x7e1ed381 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExA |
Handle => 0x000003d8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExA |
Handle => 0x000003d8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExA |
Handle => 0x000003d8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExA |
Handle => 0x000003d8 Data => {3050F406-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\about |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExA |
Handle => 0x000003d8 Data => {3050F406-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | GetCursorPos |
y => 0 x => 400 |
SUCCESS | 0x00000001 | |
| 18:34:36,750 | 588 | LdrGetProcedureAddress |
Ordinal => 8 FunctionName => FunctionAddress => 0x77124950 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Handler\res |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExA |
Handle => 0x000003d8 Data => {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\x00 ValueName => CLSID |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegCloseKey |
Handle => 0x000003d8 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetGetSession FunctionAddress => 0x7e1ecb90 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003d8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,750 | 588 | RegOpenKeyExA |
Handle => 0x000003dc Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | LdrLoadDll |
Flags => 1256036 BaseAddress => 0x7e1e0000 FileName => URLMON.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RegisterFormatEnumerator FunctionAddress => 0x7e1f5c12 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RegisterBindStatusCallback FunctionAddress => 0x7e1f5b9b ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegOpenKeyExW |
Handle => 0x000003e0 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,750 | 588 | RegQueryValueExW |
Handle => 0x000003e0 DataLength => 4 ValueName => Security_HKLM_only Type => 1251032 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e0 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003e0 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003e0 SubKey => FEATURE_TEMPORARYFILES_FOR_NOCACHE_840386 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e0 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:36,760 | 588 | FindWindowW |
ClassName => MS_AutodialMonitor WindowName => |
FAILURE | 0x00000000 | |
| 18:34:36,760 | 588 | FindWindowW |
ClassName => MS_WebcheckMonitor WindowName => |
SUCCESS | 0x000100a8 | |
| 18:34:36,760 | 588 | CreateThread |
ThreadId => 512 StartRoutine => 0x7dd1722f Parameter => 0x01af2d30 CreationFlags => 0 |
SUCCESS | 0x000003e4 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 520 ValueName => PopupMgr Type => 1248968 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoGetClassObject FunctionAddress => 0x775156c5 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003ea Registry => 0x000000e6 SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003ee Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003ea |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003ea Registry => 0x000003ee SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003f2 Registry => 0x000003ea SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f2 DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f2 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003f2 Registry => 0x000003ea SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f2 Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f2 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003f2 Registry => 0x000003ee SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f2 DataLength => 100 ValueName => AppID Type => 1248564 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f2 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003ea |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003ea Registry => 0x000003ee SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003f2 Registry => 0x000003ea SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f2 Data => B\x00o\x00t\x00h\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f2 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003ea |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x000003ea Registry => 0x80000000 SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003ea SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003ea |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003ea Registry => 0x80000000 SubKey => CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003ea Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | LdrLoadDll |
Flags => 1248116 BaseAddress => 0x7e1e0000 FileName => C:\WINDOWS\system32\urlmon.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003ea |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003f0 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x000003f0 SubKey => Domains\internet |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003f4 Registry => 0x000003f0 SubKey => ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f4 DataLength => 4 ValueName => about Type => 1248760 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003f8 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f8 DataLength => 4 ValueName => about Type => 1248760 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f4 DataLength => 4 ValueName => * Type => 1248760 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f8 DataLength => 4 ValueName => * Type => 1248760 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003f4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003f4 Data => 0 ValueName => 1809 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003f0 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 520 ValueName => BlockUserInit Type => 1248940 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 520 ValueName => BlockUserInit Type => 1248940 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 520 ValueName => UseTimerMethod Type => 1248940 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 520 ValueName => UseHooks Type => 1248940 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\New Windows |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 520 ValueName => AllowHTTPS Type => 1248940 |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\New Windows |
FAILURE | 0x00000002 | |
| 18:34:36,760 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,760 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ReleaseBindInfo FunctionAddress => 0x7e1ed7b7 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,770 | 588 | LdrGetProcedureAddress |
Ordinal => 9 FunctionName => FunctionAddress => 0x771248f0 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetCloseHandle FunctionAddress => 0x771c4d8c ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | InternetCloseHandle |
InternetHandle => 0x00cc000c |
SUCCESS | 0x00000001 | |
| 18:34:36,790 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => InternetCloseHandle FunctionAddress => 0x771c4d8c ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | InternetCloseHandle |
InternetHandle => 0x00cc0008 |
SUCCESS | 0x00000001 | |
| 18:34:36,790 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 4 ValueName => Security_HKLM_only Type => 1304316 |
FAILURE | 0x00000002 | |
| 18:34:36,790 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,790 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,790 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,790 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003e8 SubKey => FEATURE_HANDLE_RELEASED_PROTOCOL_KB942169 |
FAILURE | 0x00000002 | |
| 18:34:36,790 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:36,790 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:36,790 | 588 | LdrLoadDll |
Flags => 1301868 BaseAddress => 0x71800000 FileName => C:\WINDOWS\system32\shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => CoInternetCombineUrl FunctionAddress => 0x7e1f6485 ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | GetCursorPos |
y => 0 x => 400 |
SUCCESS | 0x00000001 | |
| 18:34:36,790 | 588 | GetSystemMetrics |
SystemMetricIndex => 4096 |
SUCCESS | 0x00000000 | |
| 18:34:36,790 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 4 ValueName => Security_HKLM_only Type => 1301004 |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003e8 SubKey => FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120 |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:36,800 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:36,800 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x000003c8 SubKey => Domains\internet |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x000003c8 SubKey => ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 4 ValueName => about Type => 1291520 |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegOpenKeyExA |
Handle => 0x000003f0 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegQueryValueExW |
Handle => 0x000003f0 DataLength => 4 ValueName => about Type => 1291520 |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 4 ValueName => * Type => 1291520 |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegQueryValueExW |
Handle => 0x000003f0 DataLength => 4 ValueName => * Type => 1291520 |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegCloseKey |
Handle => 0x000003f0 |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegQueryValueExW |
Handle => 0x000003e8 DataLength => 4 ValueName => Security_HKLM_only Type => 1301572 |
FAILURE | 0x00000002 | |
| 18:34:36,800 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,800 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,810 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,810 | 588 | RegOpenKeyExW |
Handle => 0x000003e8 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,810 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003e8 SubKey => FEATURE_OPTIONS_BACKGROUNDCOLOR_KB843516 |
FAILURE | 0x00000002 | |
| 18:34:36,810 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:36,810 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:36,810 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => OUTLOOK.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,810 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => MSIMN.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,810 | 588 | RegOpenKeyExA |
Handle => 0x000003e8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,810 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,810 | 588 | RegOpenKeyExA |
Handle => 0x000003f0 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegCloseKey |
Handle => 0x000003f0 |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegCloseKey |
Handle => 0x000003e8 |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | LdrGetDllHandle |
ModuleHandle => 0x71800000 FileName => shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | LdrLoadDll |
Flags => 1281592 BaseAddress => 0x71800000 FileName => shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegOpenKeyExA |
Handle => 0x000003ea Registry => 0x80000000 SubKey => .gif |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegQueryValueExA |
Handle => 0x000003ea Data => image/gif\x00 ValueName => Content Type |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegCloseKey |
Handle => 0x000003ea |
SUCCESS | 0x00000000 | |
| 18:34:36,810 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,810 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,840 | 588 | CreateThread |
ThreadId => 500 StartRoutine => 0x7dd1722f Parameter => 0x01af6560 CreationFlags => 0 |
SUCCESS | 0x000003f0 | |
| 18:34:36,840 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => OUTLOOK.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,840 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => MSIMN.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,840 | 588 | RegOpenKeyExA |
Handle => 0x000003f4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,840 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,840 | 588 | RegOpenKeyExA |
Handle => 0x000003f8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | RegCloseKey |
Handle => 0x000003f8 |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | LdrGetDllHandle |
ModuleHandle => 0x20000000 FileName => xpsp3res.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | LdrLoadDll |
Flags => 1281592 BaseAddress => 0x20000000 FileName => xpsp3res.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | RegOpenKeyExA |
Handle => 0x000003f6 Registry => 0x80000000 SubKey => .gif |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | RegQueryValueExA |
Handle => 0x000003f6 Data => image/gif\x00 ValueName => Content Type |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | RegCloseKey |
Handle => 0x000003f6 |
SUCCESS | 0x00000000 | |
| 18:34:36,840 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,840 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => OUTLOOK.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,850 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => MSIMN.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x000003f4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x000003f8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f8 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | LdrGetDllHandle |
ModuleHandle => 0x71800000 FileName => shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | LdrLoadDll |
Flags => 1281592 BaseAddress => 0x71800000 FileName => shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x000003f6 Registry => 0x80000000 SubKey => .gif |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegQueryValueExA |
Handle => 0x000003f6 Data => image/gif\x00 ValueName => Content Type |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f6 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => OUTLOOK.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,850 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => MSIMN.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x000003f4 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x000003f8 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f8 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | LdrGetDllHandle |
ModuleHandle => 0x71800000 FileName => shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | LdrLoadDll |
Flags => 1281592 BaseAddress => 0x71800000 FileName => shdoclc.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x000003f6 Registry => 0x80000000 SubKey => .gif |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegQueryValueExA |
Handle => 0x000003f6 Data => image/gif\x00 ValueName => Content Type |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f6 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Classes\PROTOCOLS\Filter\image/gif |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Url History |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExW |
Handle => 0x000003f4 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings\Url History |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegQueryValueExW |
Handle => 0x000003f4 Data => ValueName => DaysToKeep |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetUserNameExW FunctionAddress => 0x77fe1c70 ModuleHandle => 0x77fe0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetUrlCacheEntryInfoExW FunctionAddress => 0x771d6866 ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | LdrGetProcedureAddress |
Ordinal => 2 FunctionName => FunctionAddress => 0x77124ba2 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x000003f6 Registry => 0x80000000 SubKey => http |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegQueryValueExA |
Handle => 0x000003f6 DataLength => 39 ValueName => ShellFolder Type => 1014 |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f6 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegOpenKeyExW |
Handle => 0x000003f6 Registry => 0x80000000 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegQueryValueExW |
Handle => 0x000003f6 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,850 | 588 | RegQueryValueExW |
Handle => 0x000003f6 DataLength => 0 ValueName => LoadWithoutCOM Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:36,850 | 588 | RegCloseKey |
Handle => 0x000003f6 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x00000310 DataLength => 0 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x00000334 DataLength => 0 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x00000338 DataLength => 4 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 Type => 1292060 |
FAILURE | 0x00000002 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x0000033c Data => ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x000003f4 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | NtQueryValueKey |
Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x000003f4 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e290000 FileName => shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x000003f4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x000003f4 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x000003f4 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x000003f4 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegCloseKey |
Handle => 0x000003f4 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x000003f6 Registry => 0x000000e6 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003f6 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x000003fa Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegCloseKey |
Handle => 0x000003f6 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x000003f6 Registry => 0x000003fa SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x000003fe Registry => 0x000003f6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x000003fe DataLength => 1000 ValueName => InprocServer32 Type => 1568064 |
FAILURE | 0x00000002 | |
| 18:34:36,860 | 588 | RegCloseKey |
Handle => 0x000003fe |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003f6 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003f6 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,860 | 588 | RegOpenKeyExW |
Handle => 0x000003fe Registry => 0x000003f6 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegQueryValueExW |
Handle => 0x000003fe Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,860 | 588 | RegCloseKey |
Handle => 0x000003fe |
SUCCESS | 0x00000000 | |
| 18:34:36,870 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003f6 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:36,870 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003f6 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,870 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003f6 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,870 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x000003f6 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:36,870 | 588 | RegOpenKeyExW |
Handle => 0x000003fe Registry => 0x000003fa SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} |
SUCCESS | 0x00000000 | |
| 18:34:36,870 | 588 | RegQueryValueExW |
Handle => 0x000003fe DataLength => 100 ValueName => AppID Type => 1292140 |
FAILURE | 0x00000002 | |
| 18:34:36,870 | 588 | RegCloseKey |
Handle => 0x000003fe |
SUCCESS | 0x00000000 | |
| 18:34:36,870 | 588 | RegCloseKey |
Handle => 0x000003f6 |
SUCCESS | 0x00000000 | |
| 18:34:36,870 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => EXPLORER.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:36,870 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:36,870 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,870 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 7 times |
| 18:34:36,880 | 500 | NtProtectVirtualMemory |
OldAccessProtection => 0x00000004 NumberOfBytesProtected => 0x00001000 NewAccessProtection => 0x00000104 ProcessHandle => 0xffffffff BaseAddress => 0x022e7000 |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000000 SubKey => res |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegOpenKeyExA |
Handle => 0x00000404 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegQueryValueExW |
Handle => 0x00000404 DataLength => 4 ValueName => IEHardenWarnOnNav Type => 1304340 |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegOpenKeyExA |
Handle => 0x00000408 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegQueryValueExW |
Handle => 0x00000408 DataLength => 4 ValueName => IEHardenWarnOnNav Type => 1304340 |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegCloseKey |
Handle => 0x00000408 |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegCloseKey |
Handle => 0x00000404 |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000404 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegQueryValueExW |
Handle => 0x00000404 DataLength => 4 ValueName => Security_HKLM_only Type => 1293624 |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegCloseKey |
Handle => 0x00000404 |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000404 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:36,880 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000404 SubKey => FEATURE_INTELLIFORMS_ALTERNATE_RELEASE_KB924301 |
FAILURE | 0x00000002 | |
| 18:34:36,890 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:36,890 | 588 | RegCloseKey |
Handle => 0x00000404 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:36,890 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetUrlCacheEntryInfoA FunctionAddress => 0x771d1af9 ModuleHandle => 0x771b0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | LdrGetProcedureAddress |
Ordinal => 17 FunctionName => FunctionAddress => 0x7c9ec1b7 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | LdrGetProcedureAddress |
Ordinal => 146 FunctionName => FunctionAddress => 0x7e2a5baa ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | LdrGetProcedureAddress |
Ordinal => 16 FunctionName => FunctionAddress => 0x7c9ec97c ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x00000404 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | NtQueryValueKey |
Information => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x00000404 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e1e0000 FileName => urlmon.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | RegOpenKeyExA |
Handle => 0x00000404 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,890 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,890 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
FAILURE | 0x00000002 | |
| 18:34:36,890 | 588 | RegOpenKeyExA |
Handle => 0x00000408 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | LdrGetProcedureAddress |
Ordinal => 148 FunctionName => FunctionAddress => 0x7e2a9525 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x00000408 SubKey => Domains\lukodorsai.info |
FAILURE | 0x00000002 | |
| 18:34:36,900 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lukodorsai.info |
FAILURE | 0x00000002 | |
| 18:34:36,900 | 588 | RegQueryValueExW |
Handle => 0x00000404 Data => 1 ValueName => IntranetName |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegQueryValueExW |
Handle => 0x00000404 Data => 1 ValueName => ProxyBypass |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExA |
Handle => 0x0000040c Registry => 0x00000408 SubKey => ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegQueryValueExW |
Handle => 0x0000040c Data => 3 ValueName => http |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegCloseKey |
Handle => 0x0000040c |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => OleRun FunctionAddress => 0x775561c9 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExW |
Handle => 0x0000040c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegQueryValueExW |
Handle => 0x0000040c Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegCloseKey |
Handle => 0x0000040c |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExW |
Handle => 0x0000040c Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegQueryValueExW |
Handle => 0x0000040c Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegCloseKey |
Handle => 0x0000040c |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExW |
Handle => 0x0000040e Registry => 0x000000e6 SubKey => CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC} |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,900 | 588 | RegOpenKeyExW |
Handle => 0x00000412 Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegCloseKey |
Handle => 0x0000040e |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExW |
Handle => 0x0000040e Registry => 0x00000412 SubKey => CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC} |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegOpenKeyExW |
Handle => 0x00000416 Registry => 0x0000040e SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,900 | 588 | RegQueryValueExW |
Handle => 0x00000416 DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:36,900 | 588 | RegCloseKey |
Handle => 0x00000416 |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000416 Registry => 0x0000040e SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegQueryValueExW |
Handle => 0x00000416 Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00m\x00s\x00i\x00m\x00t\x00f\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegCloseKey |
Handle => 0x00000416 |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000416 Registry => 0x00000412 SubKey => CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC} |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegQueryValueExW |
Handle => 0x00000416 DataLength => 100 ValueName => AppID Type => 1292104 |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegCloseKey |
Handle => 0x00000416 |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegCloseKey |
Handle => 0x0000040e |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x0000040e Registry => 0x00000412 SubKey => CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC} |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegCloseKey |
Handle => 0x0000040e |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x0000040e Registry => 0x00000412 SubKey => CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC} |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000416 Registry => 0x0000040e SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegQueryValueExW |
Handle => 0x00000416 Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegCloseKey |
Handle => 0x00000416 |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegCloseKey |
Handle => 0x0000040e |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x0000040e Registry => 0x80000000 SubKey => CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC} |
SUCCESS | 0x00000000 | |
| 18:34:36,910 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000040e SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:36,910 | 588 | RegCloseKey |
Handle => 0x0000040e |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | LdrLoadDll |
Flags => 1288880 BaseAddress => 0x746f0000 FileName => C:\WINDOWS\system32\msimtf.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllGetClassObject FunctionAddress => 0x746f267a ModuleHandle => 0x746f0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => DllCanUnloadNow FunctionAddress => 0x746f154d ModuleHandle => 0x746f0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x00000428 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\CTF |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegQueryValueExA |
Handle => 0x00000428 DataLength => 4 ValueName => Disable Thread Input Manager Type => 1064 |
FAILURE | 0x00000002 | |
| 18:34:36,920 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000002 SubKey => Software\Microsoft\CTF\TIP |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegEnumKeyExA |
Index => 0 Handle => 0x0000042c Name => {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80} Class => |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x0000042c SubKey => {78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\LanguageProfile |
FAILURE | 0x00000002 | |
| 18:34:36,920 | 588 | RegEnumKeyExA |
Index => 1 Handle => 0x0000042c Name => {C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82} Class => |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x0000042c SubKey => {C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\LanguageProfile |
FAILURE | 0x00000002 | |
| 18:34:36,920 | 588 | RegEnumKeyExA |
Index => 2 Handle => 0x0000042c Name => {DCBD6FA8-032F-11D3-B5B1-00C04FC324A1} Class => |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x00000428 Registry => 0x0000042c SubKey => {DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000001 SubKey => SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile |
FAILURE | 0x00000002 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x00000428 Registry => 0x80000002 SubKey => Software\Microsoft\Speech\Recognizers\Tokens |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegQueryInfoKeyA |
MaxClassLength => 0 MaxValueLength => 0 MaxValueNameLength => 0 ValueCount => 0 MaxSubKeyLength => 0 KeyHandle => 0x00000428 SubKeyCount => 0 Class => |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegEnumKeyExA |
Index => 3 Handle => 0x0000042c Name => {F89E9E58-BD2F-4008-9AC2-0F816C09F4EE} Class => |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x0000042c SubKey => {F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\LanguageProfile |
FAILURE | 0x00000002 | |
| 18:34:36,920 | 588 | RegEnumKeyExA |
Index => 4 Handle => 0x0000042c Name => {F89E9E58-BD2F-4008-9AC2-0F816C09F4EE} Class => |
FAILURE | 0x00000103 | |
| 18:34:36,920 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | GetCursorPos |
y => 0 x => 400 |
SUCCESS | 0x00000001 | 4 times |
| 18:34:36,920 | 588 | LdrLoadDll |
Flags => 1292872 BaseAddress => 0x76390000 FileName => IMM32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImmGetContext FunctionAddress => 0x763923a1 ModuleHandle => 0x76390000 |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:36,920 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:36,920 | 588 | LdrGetProcedureAddress |
Ordinal => 325 FunctionName => FunctionAddress => 0x773e0b98 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,920 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:36,930 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | RegQueryValueExW |
Handle => 0x00000428 DataLength => 4 ValueName => NoToolbarCustomize Type => 1293436 |
FAILURE | 0x00000002 | |
| 18:34:36,930 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_LoadImageW FunctionAddress => 0x773e9389 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00M\x00e\x00s\x00s\x00e\x00n\x00g\x00e\x00r\x00\\x00m\x00s\x00m\x00s\x00g\x00s\x00.\x00e\x00x\x00e\x00,\x003\x000\x001\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\Program Files\Messenger\msmsgs.exe |
FAILURE | 0xc0000135 | |
| 18:34:36,930 | 588 | NtCreateFile |
ShareAccess => 5 FileName => C:\Program Files\Messenger\msmsgs.exe DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000428 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,930 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013b6d4 SectionHandle => 0x00000428 ProcessHandle => 0xffffffff BaseAddress => 0x02310000 |
SUCCESS | 0x00000000 | |
| 18:34:36,940 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_ReplaceIcon FunctionAddress => 0x773e521d ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,940 | 588 | RegQueryValueExW |
Handle => 0x00000244 Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00M\x00e\x00s\x00s\x00e\x00n\x00g\x00e\x00r\x00\\x00m\x00s\x00m\x00s\x00g\x00s\x00.\x00e\x00x\x00e\x00,\x003\x000\x002\x00\x00\x00 ValueName => HotIcon |
SUCCESS | 0x00000000 | |
| 18:34:36,940 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => C:\Program Files\Messenger\msmsgs.exe |
FAILURE | 0xc0000135 | |
| 18:34:36,940 | 588 | NtCreateFile |
ShareAccess => 5 FileName => C:\Program Files\Messenger\msmsgs.exe DesiredAccess => 0x80100080 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,940 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000428 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,940 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013b6d4 SectionHandle => 0x00000428 ProcessHandle => 0xffffffff BaseAddress => 0x02310000 |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | LdrGetProcedureAddress |
Ordinal => 191 FunctionName => FunctionAddress => 0x7e34625d ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x00000030 SubKey => Software\Clients\News |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegQueryValueExW |
Handle => 0x00000428 DataLength => 32 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Restrictions |
FAILURE | 0x00000002 | |
| 18:34:36,950 | 588 | RegOpenKeyExA |
Handle => 0x00000428 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegQueryValueExW |
Handle => 0x00000428 DataLength => 520 ValueName => ShowFonts Type => 1293460 |
FAILURE | 0x00000002 | |
| 18:34:36,950 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 520 ValueName => ShowFonts Type => 1293460 |
FAILURE | 0x00000002 | |
| 18:34:36,950 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x00000208 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegQueryValueExW |
Handle => 0x00000428 DataLength => 128 ValueName => Progid Type => 1293628 |
FAILURE | 0x00000002 | |
| 18:34:36,950 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x00000208 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegQueryValueExW |
Handle => 0x00000428 DataLength => 128 ValueName => Application Type => 1293628 |
FAILURE | 0x00000002 | |
| 18:34:36,950 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x0000042a Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegQueryValueExW |
Handle => 0x0000042a Data => h\x00t\x00m\x00l\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => htmlfile |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000042e SubKey => CurVer |
FAILURE | 0x00000002 | |
| 18:34:36,950 | 588 | RegOpenKeyExW |
Handle => 0x00000432 Registry => 0x0000042e SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:36,950 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000432 SubKey => shell\edit |
FAILURE | 0x00000002 | |
| 18:34:36,960 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => SystemFileAssociations\.htm |
FAILURE | 0x00000002 | |
| 18:34:36,960 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegQueryValueExW |
Handle => 0x0000042e Data => t\x00e\x00x\x00t\x00\x00\x00 ValueName => PerceivedType |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => SystemFileAssociations\text |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x0000042e SubKey => shell\edit |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegOpenKeyExW |
Handle => 0x0000043a Registry => 0x00000436 SubKey => command |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegQueryValueExW |
Handle => 0x0000043a Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00N\x00O\x00T\x00E\x00P\x00A\x00D\x00.\x00E\x00X\x00E\x00 \x00%\x001\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegCloseKey |
Handle => 0x0000043a |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegCloseKey |
Handle => 0x0000042a |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegCloseKey |
Handle => 0x00000432 |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 520 ValueName => ShowDiscussionButton Type => 1293444 |
FAILURE | 0x00000002 | |
| 18:34:36,960 | 588 | RegOpenKeyExA |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:36,960 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 520 ValueName => ShowDiscussionButton Type => 1293444 |
FAILURE | 0x00000002 | |
| 18:34:36,970 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => CLSID\{BDEADE7F-C265-11d0-BCED-00A0C90AB50F}\Implemented Categories\{00021494-0000-0000-C000-000000000046} |
FAILURE | 0x00000002 | |
| 18:34:36,970 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Toolbar |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 0 ValueName => {1E796980-9CC5-11D1-A83F-00C04FC99D61} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:36,970 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:36,970 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:36,970 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Control Panel |
FAILURE | 0x00000002 | 2 times |
| 18:34:36,970 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => WKSCAL.EXE |
FAILURE | 0xc0000135 | 1 time |
| 18:34:36,970 | 588 | LdrGetDllHandle |
ModuleHandle => 0x77120000 FileName => OLEAUT32.DLL |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | LdrGetProcedureAddress |
Ordinal => 142 FunctionName => FunctionAddress => 0x7e2d4902 ModuleHandle => 0x7e290000 |
SUCCESS | 0x00000000 | |
| 18:34:36,970 | 588 | LdrGetProcedureAddress |
Ordinal => 77 FunctionName => FunctionAddress => 0x7c9f6598 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:36,980 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\shell32.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,980 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x010\xfa\xf5\xe7|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\x10(6\xe8|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,980 | 588 | NtSetInformationFile |
FileHandle => 0x0000042c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:36,980 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,980 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00 \x81\x00\x00\x00\x00\x00\x00\x1c\x81\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,980 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000434 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,980 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00139618 SectionHandle => 0x00000434 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\shell32.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x010\xfa\xf5\xe7|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xf0\xfaZ\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | NtSetInformationFile |
FileHandle => 0x0000042c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00 \x81\x00\x00\x00\x00\x00\x00\x1c\x81\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000434 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00139618 SectionHandle => 0x00000434 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:36,990 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\shell32.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x010\xfa\xf5\xe7|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01 \x82\\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtSetInformationFile |
FileHandle => 0x0000042c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00 \x81\x00\x00\x00\x00\x00\x00\x1c\x81\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000434 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00139618 SectionHandle => 0x00000434 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\shell32.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x010\xfa\xf5\xe7|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01P ^\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtSetInformationFile |
FileHandle => 0x0000042c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00 \x81\x00\x00\x00\x00\x00\x00\x1c\x81\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000434 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,000 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00139618 SectionHandle => 0x00000434 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => PropVariantClear FunctionAddress => 0x77514104 ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => PropVariantCopy FunctionAddress => 0x775e4aaa ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | LdrGetProcedureAddress |
Ordinal => 236 FunctionName => FunctionAddress => 0x773e1798 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => FreePropVariantArray FunctionAddress => 0x7752098c ModuleHandle => 0x774e0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | LdrGetProcedureAddress |
Ordinal => 329 FunctionName => FunctionAddress => 0x773e0db5 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => http\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegQueryValueExW |
Handle => 0x0000042e Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00.\x00d\x00l\x00l\x00,\x000\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | LdrLoadDll |
Flags => 1283140 BaseAddress => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | LdrGetProcedureAddress |
Ordinal => 3 FunctionName => FunctionAddress => 0x7cab4bd6 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x0000042c SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\url.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\x10\xfa \xfe\xf1\x91\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\x00\xe7\xa4\xbc\xe0\x91\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtSetInformationFile |
FileHandle => 0x00000434 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\xa0\x00\x00\x00\x00\x00\x00\x00\x94\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x0000042c FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,010 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00138d20 SectionHandle => 0x0000042c ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x00000434 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\url.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\x10\xfa \xfe\xf1\x91\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\x80\x90_\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtSetInformationFile |
FileHandle => 0x0000042c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\x00\x00\x00\x00\x00\x00\x00\x94\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000434 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00138d20 SectionHandle => 0x00000434 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,020 | 588 | NtQueryInformationFile |
FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => http\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegQueryValueExW |
Handle => 0x0000042e Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00.\x00d\x00l\x00l\x00,\x000\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7dc30000 FileName => MSHTML.DLL |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | LdrGetProcedureAddress |
Ordinal => 72 FunctionName => FunctionAddress => 0x7c9f3fe0 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x0000042c SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\mshtml.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\xa0\xef\x06\xf5|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xd0_\xa3\xbc\xe0\x91\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | NtSetInformationFile |
FileHandle => 0x00000434 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\xd0.\x00\x00\x00\x00\x00\x00\xcc.\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x0000042c FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,030 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00138ccc SectionHandle => 0x0000042c ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x00000434 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\mshtml.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\xa0\xef\x06\xf5|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xe0\x9eb\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtSetInformationFile |
FileHandle => 0x0000042c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xd0.\x00\x00\x00\x00\x00\x00\xcc.\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000434 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00138ccc SectionHandle => 0x00000434 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x0000042c SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\mshtml.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\xa0\xef\x06\xf5|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\x10&d\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtSetInformationFile |
FileHandle => 0x00000434 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\xd0.\x00\x00\x00\x00\x00\x00\xcc.\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x0000042c FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,040 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00138ccc SectionHandle => 0x0000042c ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x00000434 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\mshtml.dll DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01\xa0\xef\x06\xf5|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\x10&d\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | NtSetInformationFile |
FileHandle => 0x0000042c FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => \x00\xd0.\x00\x00\x00\x00\x00\x00\xcc.\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000434 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,050 | 588 | ZwMapViewOfSection |
SectionOffset => 0x00138ccc SectionHandle => 0x00000434 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetFileInfoW FunctionAddress => 0x7ca2aff3 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegOpenKeyExA |
Handle => 0x0000042e Registry => 0x80000000 SubKey => CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x0000042e Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | LdrLoadDll |
Flags => 1278612 BaseAddress => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegEnumKeyW |
Handle => 0x0000042e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegEnumKeyW |
Handle => 0x0000042e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x00000208 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 128 ValueName => Progid Type => 1279692 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x00000208 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 128 ValueName => Application Type => 1279692 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x0000042e Data => h\x00t\x00m\x00l\x00f\x00i\x00l\x00e\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => htmlfile |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => CurVer |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000432 Registry => 0x00000436 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000432 SubKey => ShellEx\IconHandler |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => SystemFileAssociations\.htm |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => .htm |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => t\x00e\x00x\x00t\x00\x00\x00 ValueName => PerceivedType |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => SystemFileAssociations\text |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => ShellEx\IconHandler |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000432 DataLength => 0 ValueName => DocObject Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000436 DataLength => 0 ValueName => DocObject Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000432 DataLength => 0 ValueName => BrowseInPlace Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000436 DataLength => 0 ValueName => BrowseInPlace Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x0000042a Registry => 0x00000432 SubKey => Clsid |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x0000042a Data => {\x002\x005\x003\x003\x006\x009\x002\x000\x00-\x000\x003\x00F\x009\x00-\x001\x001\x00c\x00f\x00-\x008\x00F\x00D\x000\x00-\x000\x000\x00A\x00A\x000\x000\x006\x008\x006\x00F\x001\x003\x00}\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegCloseKey |
Handle => 0x0000042a |
SUCCESS | 0x00000000 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\Implemented Categories\{00021490-0000-0000-C000-000000000046} |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000432 DataLength => 0 ValueName => IsShortcut Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000436 DataLength => 0 ValueName => IsShortcut Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000432 DataLength => 0 ValueName => AlwaysShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000436 DataLength => 0 ValueName => AlwaysShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000432 DataLength => 0 ValueName => NeverShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegQueryValueExW |
Handle => 0x00000436 DataLength => 0 ValueName => NeverShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,060 | 588 | RegOpenKeyExW |
Handle => 0x0000042a Registry => 0x00000432 SubKey => DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegQueryValueExW |
Handle => 0x0000042a Data => C\x00:\x00\\x00P\x00r\x00o\x00g\x00r\x00a\x00m\x00 \x00F\x00i\x00l\x00e\x00s\x00\\x00I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00 \x00E\x00x\x00p\x00l\x00o\x00r\x00e\x00r\x00\\x00i\x00e\x00x\x00p\x00l\x00o\x00r\x00e\x00.\x00e\x00x\x00e\x00,\x001\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegCloseKey |
Handle => 0x0000042a |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegOpenKeyExW |
Handle => 0x00000438 Registry => 0x00000428 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegQueryValueExW |
Handle => 0x00000438 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Program Files\Internet Explorer\iexplore.exe DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtQueryInformationFile |
FileHandle => 0x00000438 FileInformation => @\x93\xd3\x96\xd4I\xcd\x01\xc0\x02\x13\xe8|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xc0\x9b/C\xe0\x91\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtSetInformationFile |
FileHandle => 0x00000438 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtQueryInformationFile |
FileHandle => 0x00000438 FileInformation => \x00p\x01\x00\x00\x00\x00\x00\x00l\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000428 FileHandle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013824c SectionHandle => 0x00000428 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegOpenKeyExW |
Handle => 0x00000438 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x00000438 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegQueryValueExW |
Handle => 0x00000428 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Program Files\Internet Explorer\iexplore.exe DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtQueryInformationFile |
FileHandle => 0x00000428 FileInformation => @\x93\xd3\x96\xd4I\xcd\x01\xc0\x02\x13\xe8|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xa0\xbbh\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtSetInformationFile |
FileHandle => 0x00000428 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,070 | 588 | NtQueryInformationFile |
FileHandle => 0x00000428 FileInformation => \x00p\x01\x00\x00\x00\x00\x00\x00l\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000438 FileHandle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013824c SectionHandle => 0x00000438 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | RegOpenKeyExW |
Handle => 0x00000438 Registry => 0x00000428 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | RegQueryValueExW |
Handle => 0x00000438 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Program Files\Internet Explorer\iexplore.exe DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | NtQueryInformationFile |
FileHandle => 0x00000438 FileInformation => @\x93\xd3\x96\xd4I\xcd\x01\xc0\x02\x13\xe8|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xa0\xbbh\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | NtSetInformationFile |
FileHandle => 0x00000438 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | NtQueryInformationFile |
FileHandle => 0x00000438 FileInformation => \x00p\x01\x00\x00\x00\x00\x00\x00l\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000428 FileHandle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,081 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013824c SectionHandle => 0x00000428 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | RegOpenKeyExW |
Handle => 0x00000438 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | RegOpenKeyExW |
Handle => 0x00000428 Registry => 0x00000438 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | RegCloseKey |
Handle => 0x00000438 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | RegQueryValueExW |
Handle => 0x00000428 Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\Program Files\Internet Explorer\iexplore.exe DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | NtQueryInformationFile |
FileHandle => 0x00000428 FileInformation => @\x93\xd3\x96\xd4I\xcd\x01\xc0\x02\x13\xe8|\xa0\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01\xd0Bj\xf5|\xa0\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | NtSetInformationFile |
FileHandle => 0x00000428 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | NtQueryInformationFile |
FileHandle => 0x00000428 FileInformation => \x00p\x01\x00\x00\x00\x00\x00\x00l\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x00000438 FileHandle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,091 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013824c SectionHandle => 0x00000438 ProcessHandle => 0xffffffff BaseAddress => 0x02300000 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegCloseKey |
Handle => 0x00000432 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => URL.DLL |
FAILURE | 3221225781 | 1 time |
| 18:34:37,101 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x00000072 SubKey => CLSID\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => http\DefaultIcon |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00.\x00d\x00l\x00l\x00,\x000\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 4 ValueName => StatusBarWeb Type => 1298476 |
FAILURE | 0x00000002 | |
| 18:34:37,101 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:37,101 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000436 DataLength => 0 ValueName => LoadWithoutCOM Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,101 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000310 DataLength => 0 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000334 DataLength => 0 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x00000338 DataLength => 4 ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 Type => 1286240 |
FAILURE | 0x00000002 | |
| 18:34:37,101 | 588 | RegQueryValueExW |
Handle => 0x0000033c Data => ValueName => {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x00000434 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | NtQueryValueKey |
Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x00000434 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e290000 FileName => shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | LdrGetDllHandle |
ModuleHandle => 0x00000000 FileName => EXPLORER.EXE |
FAILURE | 3221225781 | 1 time |
| 18:34:37,101 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{871C5380-42A0-1069-A2EA-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:37,101 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 7 times |
| 18:34:37,101 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ImageList_GetIcon FunctionAddress => 0x773e55c7 ModuleHandle => 0x773d0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e410000 FileName => USER32 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => GetProcessDefaultLayout FunctionAddress => 0x7e4563e4 ModuleHandle => 0x7e410000 |
SUCCESS | 0x00000000 | |
| 18:34:37,101 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 15 times |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 8 FunctionName => FunctionAddress => 0x77124950 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 411 FunctionName => FunctionAddress => 0x771251e9 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrLoadDll |
Flags => 1297136 BaseAddress => 0x77120000 FileName => OLEAUT32 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => BSTR_UserSize FunctionAddress => 0x7712c087 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => BSTR_UserMarshal FunctionAddress => 0x7712c0b8 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => BSTR_UserUnmarshal FunctionAddress => 0x7712c370 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => BSTR_UserFree FunctionAddress => 0x7712c114 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => VARIANT_UserSize FunctionAddress => 0x77134cba ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => VARIANT_UserMarshal FunctionAddress => 0x77134ea8 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => VARIANT_UserUnmarshal FunctionAddress => 0x771340ec ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => VARIANT_UserFree FunctionAddress => 0x77134c43 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => LPSAFEARRAY_UserSize FunctionAddress => 0x77135396 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => LPSAFEARRAY_UserMarshal FunctionAddress => 0x77135537 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => LPSAFEARRAY_UserUnmarshal FunctionAddress => 0x77133942 ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,111 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => LPSAFEARRAY_UserFree FunctionAddress => 0x77134b7d ModuleHandle => 0x77120000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | GetCursorPos |
y => 0 x => 400 |
SUCCESS | 0x00000001 | 1 time |
| 18:34:37,121 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => RevokeBindStatusCallback FunctionAddress => 0x7e1f5a8a ModuleHandle => 0x7e1e0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x001d8000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00003000 BaseAddress => 0x001d9000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00002000 BaseAddress => 0x001de000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00003000 BaseAddress => 0x001e0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x001a8000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x001d6000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x001e4000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x001e7000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00001000 BaseAddress => 0x001e8000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | NtFreeVirtualMemory |
FreeType => 0x00004000 ProcessHandle => 0xffffffff RegionSize => 0x00002000 BaseAddress => 0x001e9000 |
SUCCESS | 0x00000000 | |
| 18:34:37,121 | 588 | GetCursorPos |
y => 0 x => 400 |
SUCCESS | 0x00000001 | |
| 18:34:37,121 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e410000 FileName => USER32 |
SUCCESS | 0x00000000 | |
| 18:34:37,131 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => NotifyWinEvent FunctionAddress => 0x7e4299cb ModuleHandle => 0x7e410000 |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 4 ValueName => Security_HKLM_only Type => 1295016 |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000434 SubKey => FEATURE_DISPLAY_NODE_ADVISE_KB833311 |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 4 ValueName => Security_HKLM_only Type => 1303064 |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main\FeatureControl |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000434 SubKey => FEATURE_COMPLETE_PROGRESSBAR_ONFLASH_925973 |
FAILURE | 0x00000002 | |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | 1 time |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | RegCloseKey |
Handle => 0x00000000 |
FAILURE | 0x00000006 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:37,141 | 588 | NtQueryInformationFile |
FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,141 | 588 | GetSystemMetrics |
SystemMetricIndex => 31 |
SUCCESS | 0x00000019 | 7 times |
| 18:34:37,151 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x000003c8 SubKey => Domains\internet |
FAILURE | 0x00000002 | |
| 18:34:37,151 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet |
FAILURE | 0x00000002 | |
| 18:34:37,151 | 588 | RegOpenKeyExA |
Handle => 0x00000434 Registry => 0x000003c8 SubKey => ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 4 ValueName => about Type => 1300876 |
FAILURE | 0x00000002 | |
| 18:34:37,151 | 588 | RegOpenKeyExA |
Handle => 0x00000430 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults\ |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegQueryValueExW |
Handle => 0x00000430 DataLength => 4 ValueName => about Type => 1300876 |
FAILURE | 0x00000002 | |
| 18:34:37,151 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 4 ValueName => * Type => 1300876 |
FAILURE | 0x00000002 | |
| 18:34:37,151 | 588 | RegQueryValueExW |
Handle => 0x00000430 DataLength => 4 ValueName => * Type => 1300876 |
FAILURE | 0x00000002 | |
| 18:34:37,151 | 588 | RegCloseKey |
Handle => 0x00000430 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x00000434 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{7b8a2d95-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | NtQueryValueKey |
Information => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x00000434 ValueName => Type => 1 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e1e0000 FileName => urlmon.dll |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x000000e6 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:37,151 | 588 | RegOpenKeyExW |
Handle => 0x00000432 Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x00000432 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x00000436 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,151 | 588 | RegQueryValueExW |
Handle => 0x0000042e DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x00000436 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042e Data => C\x00:\x00\\x00W\x00I\x00N\x00D\x00O\x00W\x00S\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00u\x00r\x00l\x00m\x00o\x00n\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => InprocHandler32 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => InprocHandlerX86 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => LocalServer |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x00000432 SubKey => CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4} |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042e DataLength => 100 ValueName => AppID Type => 1299588 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => M\x00y\x00 \x00C\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => Y\x00o\x00u\x00r\x00 \x00c\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => e\x00x\x00p\x00l\x00o\x00r\x00e\x00r\x00.\x00e\x00x\x00e\x00#\x000\x001\x000\x000\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 4 ValueName => MinLevel Type => 1301956 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 4 ValueName => MinLevel Type => 1301956 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 DataLength => 4 ValueName => RecommendedLevel Type => 1301960 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 4 ValueName => RecommendedLevel Type => 1301960 |
FAILURE | 0x00000002 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x00000428 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000428 Data => 33 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => L\x00o\x00c\x00a\x00l\x00 \x00i\x00n\x00t\x00r\x00a\x00n\x00e\x00t\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00a\x00l\x00l\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00t\x00h\x00a\x00t\x00 \x00a\x00r\x00e\x00 \x00o\x00n\x00 \x00y\x00o\x00u\x00r\x00 \x00o\x00r\x00g\x00a\x00n\x00i\x00z\x00a\x00t\x00i\x00o\x00n\x00'\x00s\x00 \x00i\x00n\x00t\x00r\x00a\x00n\x00e\x00t\x00.\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => s\x00h\x00e\x00l\x00l\x003\x002\x00.\x00d\x00l\x00l\x00#\x000\x000\x001\x008\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 65536 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 66816 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 219 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x00000428 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegSetValueExW |
Handle => 0x00000428 Buffer => 1 ValueName => ProxyBypass Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegSetValueExW |
Handle => 0x00000428 Buffer => 1 ValueName => IntranetName Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegSetValueExW |
Handle => 0x00000428 Buffer => 1 ValueName => UNCAsIntranet Type => 4 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000428 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => T\x00r\x00u\x00s\x00t\x00e\x00d\x00 \x00s\x00i\x00t\x00e\x00s\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00t\x00h\x00a\x00t\x00 \x00y\x00o\x00u\x00 \x00t\x00r\x00u\x00s\x00t\x00 \x00n\x00o\x00t\x00 \x00t\x00o\x00 \x00d\x00a\x00m\x00a\x00g\x00e\x00 \x00y\x00o\x00u\x00r\x00 \x00c\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00 \x00o\x00r\x00 \x00d\x00a\x00t\x00a\x00.\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => i\x00n\x00e\x00t\x00c\x00p\x00l\x00.\x00c\x00p\x00l\x00#\x000\x000\x000\x000\x004\x004\x008\x000\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 65536 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 65536 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 71 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => I\x00n\x00t\x00e\x00r\x00n\x00e\x00t\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00a\x00l\x00l\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00y\x00o\x00u\x00 \x00h\x00a\x00v\x00e\x00n\x00'\x00t\x00 \x00p\x00l\x00a\x00c\x00e\x00d\x00 \x00i\x00n\x00 \x00o\x00t\x00h\x00e\x00r\x00 \x00z\x00o\x00n\x00e\x00s\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => i\x00n\x00e\x00t\x00c\x00p\x00l\x00.\x00c\x00p\x00l\x00#\x000\x000\x001\x003\x001\x003\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 69632 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 69632 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 1 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => R\x00e\x00s\x00t\x00r\x00i\x00c\x00t\x00e\x00d\x00 \x00s\x00i\x00t\x00e\x00s\x00\x00\x00 ValueName => DisplayName |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => T\x00h\x00i\x00s\x00 \x00z\x00o\x00n\x00e\x00 \x00c\x00o\x00n\x00t\x00a\x00i\x00n\x00s\x00 \x00W\x00e\x00b\x00 \x00s\x00i\x00t\x00e\x00s\x00 \x00t\x00h\x00a\x00t\x00 \x00c\x00o\x00u\x00l\x00d\x00 \x00p\x00o\x00t\x00e\x00n\x00t\x00i\x00a\x00l\x00l\x00y\x00 \x00d\x00a\x00m\x00a\x00g\x00e\x00 \x00y\x00o\x00u\x00r\x00 \x00c\x00o\x00m\x00p\x00u\x00t\x00e\x00r\x00 \x00o\x00r\x00 \x00d\x00a\x00t\x00a\x00.\x00\x00\x00 ValueName => Description |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => i\x00n\x00e\x00t\x00c\x00p\x00l\x00.\x00c\x00p\x00l\x00#\x000\x000\x000\x000\x004\x004\x008\x001\x00\x00\x00 ValueName => Icon |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 73728 ValueName => MinLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 73728 ValueName => RecommendedLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => 0 ValueName => CurrentLevel |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegOpenKeyExA |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 3 ValueName => Flags |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => ExtractIconExW FunctionAddress => 0x7c9fe1b7 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:37,161 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:37,161 | 588 | NtCreateFile |
ShareAccess => 3 FileName => C:\WINDOWS\system32\inetcpl.cpl DesiredAccess => 0x80100180 CreateDisposition => 1 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\xa0\xa1\x10'\x9e\xc8\x01PU\xb8r\xe5\x91\xcf\x01\x00\xa0\xa1\x10'\x9e\xc8\x01`\xb67/\xe8\x91\xcf\x01 \x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | NtSetInformationFile |
FileHandle => 0x00000434 FileInformation => |
SUCCESS | 0x00000000 | |
| 18:34:37,161 | 588 | NtReadFile |
Buffer => MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00 FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | NtQueryInformationFile |
FileHandle => 0x00000434 FileInformation => \x00\x90\x05\x00\x00\x00\x00\x00\x00\x82\x05\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | NtCreateSection |
ObjectAttributes => DesiredAccess => 0x000f0005 SectionHandle => 0x0000042c FileHandle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | ZwMapViewOfSection |
SectionOffset => 0x0013d640 SectionHandle => 0x0000042c ProcessHandle => 0xffffffff BaseAddress => 0x02310000 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 2 |
SUCCESS | 0x00000011 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 49 |
SUCCESS | 0x00000010 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 46 |
SUCCESS | 0x00000002 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 45 |
SUCCESS | 0x00000002 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:34:37,171 | 588 | GetSystemMetrics |
SystemMetricIndex => 50 |
SUCCESS | 0x00000010 | |
| 18:34:37,171 | 588 | LdrLoadDll |
Flags => 1283420 BaseAddress => 0x7c9c0000 FileName => shell32.dll |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | LdrGetProcedureAddress |
Ordinal => 0 FunctionName => SHGetFolderPathW FunctionAddress => 0x7c9eed76 ModuleHandle => 0x7c9c0000 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegOpenKeyExA |
Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{20D04FE0-3AEA-1069-A2D8-08002B30309D} |
FAILURE | 0x00000002 | |
| 18:34:37,171 | 588 | RegOpenKeyExA |
Handle => 0x00000436 Registry => 0x80000000 SubKey => CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00S\x00H\x00E\x00L\x00L\x003\x002\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | LdrLoadDll |
Flags => 1282348 BaseAddress => 0x7c9c0000 FileName => C:\WINDOWS\system32\SHELL32.dll |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x00000434 SubKey => {e6c716a2-b561-11e1-9849-806d6172696f}\ |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegQueryValueExW |
Handle => 0x0000042c Data => 1 ValueName => Generation |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegEnumKeyW |
Handle => 0x0000042e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 0 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9} |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => 32 ValueName => DriveMask |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | RegEnumKeyW |
Handle => 0x0000042e Name => {fbeb8a05-beee-4442-804e-409d6c4515e9} Index => 1 |
FAILURE | 0x00000103 | |
| 18:34:37,171 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings |
SUCCESS | 0x001dd060 | |
| 18:34:37,171 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW |
SUCCESS | 0x001dd060 | |
| 18:34:37,171 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings |
SUCCESS | 0x001dd060 | |
| 18:34:37,171 | 588 | FindFirstFileExW |
FileName => C:\Documents and Settings\TDW\Local Settings\History |
SUCCESS | 0x001dd060 | |
| 18:34:37,171 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => x\x00\x00\x00\x00\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x02310000 |
SUCCESS | 0x00000000 | |
| 18:34:37,171 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => x\x00\x00\x00\x00\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x02310000 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtOpenFile |
ShareAccess => 7 FileName => C:\Documents and Settings\TDW\Local Settings\History\desktop.ini DesiredAccess => 0x80100000 FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtQueryInformationFile |
FileHandle => 0x0000042c FileInformation => x\x00\x00\x00\x00\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtReadFile |
Buffer => [.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
FileHandle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtFreeVirtualMemory |
FreeType => 0x00008000 ProcessHandle => 0xffffffff RegionSize => 0x00101000 BaseAddress => 0x02310000 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000002 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x0000042c Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042c DataLength => 4 ValueName => AllowCLSIDPROGIDMapping Type => 1283016 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x0000042c |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\shell |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x80000000 SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000042e SubKey => ShellEx\IconHandler |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042e DataLength => 0 ValueName => DocObject Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042e DataLength => 0 ValueName => BrowseInPlace Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x0000042e SubKey => Clsid |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => Folder |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => Clsid |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042e DataLength => 0 ValueName => IsShortcut Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042e DataLength => 0 ValueName => AlwaysShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042e DataLength => 0 ValueName => NeverShowExt Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x0000042e |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x80000000 SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\shell |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x80000000 SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x00000436 Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x00000436 DataLength => 0 ValueName => LoadWithoutCOM Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x00000310 DataLength => 0 ValueName => {FF393560-C2A7-11CF-BFF4-444553540000} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x00000334 DataLength => 0 ValueName => {FF393560-C2A7-11CF-BFF4-444553540000} Type => 0 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x00000338 DataLength => 4 ValueName => {FF393560-C2A7-11CF-BFF4-444553540000} {062E1261-A60E-11D0-82C2-00C04FD5AE38} 0x401 Type => 1282204 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000033c Data => ValueName => {FF393560-C2A7-11CF-BFF4-444553540000} {062E1261-A60E-11D0-82C2-00C04FD5AE38} 0x401 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtOpenKey |
DesiredAccess => 2147483648 KeyHandle => 0x00000434 ObjectAttributes => \Registry\Machine\Software\Classes\CLSID\{ff393560-c2a7-11cf-bff4-444553540000}\InProcServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | NtQueryValueKey |
Information => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 KeyHandle => 0x00000434 ValueName => Type => 2 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | LdrGetDllHandle |
ModuleHandle => 0x7e290000 FileName => shdocvw.dll |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\COM3 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x00000434 Data => ValueName => REGDBVersion |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x00000434 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x000000e6 SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => TreatAs |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x0000042e Registry => 0x000000e6 SubKey => |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x00000436 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000436 Registry => 0x0000042e SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x0000042a Registry => 0x00000436 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042a DataLength => 1000 ValueName => InprocServer32 Type => 1567048 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegCloseKey |
Handle => 0x0000042a |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => InprocServerX86 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x00000000 Registry => 0x00000436 SubKey => LocalServer32 |
FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW |
Handle => 0x0000042a Registry => 0x00000436 SubKey => InprocServer32 |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegQueryValueExW |
Handle => 0x0000042a Data => %\x00S\x00y\x00s\x00t\x00e\x00m\x00R\x00o\x00o\x00t\x00%\x00\\x00s\x00y\x00s\x00t\x00e\x00m\x003\x002\x00\\x00s\x00h\x00d\x00o\x00c\x00v\x00w\x00.\x00d\x00l\x00l\x00\x00\x00 ValueName => |
SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegCloseKey | Handle => 0x0000042a | SUCCESS | 0x00000000 | |
| 18:34:37,181 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000436 SubKey => InprocHandler32 | FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000436 SubKey => InprocHandlerX86 | FAILURE | 0x00000002 | |
| 18:34:37,181 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000436 SubKey => LocalServer32 | FAILURE | 0x00000002 | |
| 18:34:37,191 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000436 SubKey => LocalServer | FAILURE | 0x00000002 | |
| 18:34:37,191 | 588 | RegOpenKeyExW | Handle => 0x0000042a Registry => 0x0000042e SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegQueryValueExW | Handle => 0x0000042a DataLength => 100 ValueName => AppID Type => 1282284 | FAILURE | 0x00000002 | |
| 18:34:37,191 | 588 | RegCloseKey | Handle => 0x0000042a | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegCloseKey | Handle => 0x00000436 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegOpenKeyExW | Handle => 0x00000436 Registry => 0x0000042e SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegCloseKey | Handle => 0x00000436 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegOpenKeyExW | Handle => 0x00000436 Registry => 0x0000042e SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegOpenKeyExW | Handle => 0x0000042a Registry => 0x00000436 SubKey => InprocServer32 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegQueryValueExW | Handle => 0x0000042a Data => A\x00p\x00a\x00r\x00t\x00m\x00e\x00n\x00t\x00\x00\x00 ValueName => ThreadingModel | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegCloseKey | Handle => 0x0000042a | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegCloseKey | Handle => 0x00000436 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegOpenKeyExW | Handle => 0x00000436 Registry => 0x80000000 SubKey => CLSID\{FF393560-C2A7-11CF-BFF4-444553540000} | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x00000436 SubKey => TreatAs | FAILURE | 0x00000002 | |
| 18:34:37,191 | 588 | RegCloseKey | Handle => 0x00000436 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | LdrGetDllHandle | ModuleHandle => 0x00000000 FileName => EXPLORER.EXE | FAILURE | 3221225781 | 1 time |
| 18:34:37,191 | 588 | RegOpenKeyExA | Handle => 0x00000000 Registry => 0x80000002 SubKey => SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{FF393560-C2A7-11CF-BFF4-444553540000} | FAILURE | 0x00000002 | |
| 18:34:37,191 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoInitializeEx FunctionAddress => 0x774fef7b ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CoUninitialize FunctionAddress => 0x774fee46 ModuleHandle => 0x774e0000 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | NtQueryInformationFile | FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => CommitUrlCacheEntryA FunctionAddress => 0x771d1b82 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | NtQueryInformationFile | FileHandle => 0x0000018c FileInformation => \x00\x80\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | 1 time |
| 18:34:37,191 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:37,191 | 588 | RegOpenKeyExA | Handle => 0x00000436 Registry => 0x80000000 SubKey => http | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | RegQueryValueExA | Handle => 0x00000436 DataLength => 39 ValueName => ShellFolder Type => 1078 | FAILURE | 0x00000002 | |
| 18:34:37,191 | 588 | RegCloseKey | Handle => 0x00000436 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | LdrGetDllHandle | ModuleHandle => 0x77120000 FileName => OLEAUT32.DLL | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetUrlCacheEntryInfoExW FunctionAddress => 0x771d6866 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:37,191 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | 1 time |
| 18:34:37,241 | 588 | LdrGetProcedureAddress | Ordinal => 112 FunctionName => FunctionAddress => 0x75cf4769 ModuleHandle => 0x75cf0000 | SUCCESS | 0x00000000 | |
| 18:34:37,241 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetUrlCacheEntryInfoExA FunctionAddress => 0x771b6516 ModuleHandle => 0x771b0000 | SUCCESS | 0x00000000 | |
| 18:34:37,241 | 588 | NtQueryInformationFile | FileHandle => 0x00000174 FileInformation => \x00\xc0\x03\x00\x00\x00\x00\x00\x00\xc0\x03\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00 | SUCCESS | 0x00000000 | 1 time |
| 18:34:37,241 | 588 | LdrLoadDll | Flags => 1302152 BaseAddress => 0x77120000 FileName => OLEAUT32.dll | SUCCESS | 0x00000000 | |
| 18:34:37,241 | 588 | LdrGetProcedureAddress | Ordinal => 6 FunctionName => FunctionAddress => 0x77124880 ModuleHandle => 0x77120000 | SUCCESS | 0x00000000 | |
| 18:34:37,241 | 588 | RegOpenKeyExA | Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | RegQueryValueExW | Handle => 0x00000434 DataLength => 4 ValueName => IEHardenWarnOnNav Type => 1303496 | FAILURE | 0x00000002 | |
| 18:34:37,251 | 588 | RegOpenKeyExA | Handle => 0x00000428 Registry => 0x80000002 SubKey => Software\Microsoft\windows\CurrentVersion\Internet Settings | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | RegQueryValueExW | Handle => 0x00000428 DataLength => 4 ValueName => IEHardenWarnOnNav Type => 1303496 | FAILURE | 0x00000002 | |
| 18:34:37,251 | 588 | RegCloseKey | Handle => 0x00000428 | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | RegCloseKey | Handle => 0x00000434 | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | 1 time |
| 18:34:37,251 | 588 | RegOpenKeyExW | Handle => 0x00000000 Registry => 0x80000001 SubKey => Software\Policies\Microsoft\Internet Explorer\PhotoSupport | FAILURE | 0x00000002 | |
| 18:34:37,251 | 588 | RegOpenKeyExW | Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | RegQueryValueExW | Handle => 0x00000434 DataLength => 32 ValueName => Enable_MyPics_Hoverbar Type => 1303460 | FAILURE | 0x00000002 | |
| 18:34:37,251 | 588 | RegCloseKey | Handle => 0x00000434 | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | LdrGetProcedureAddress | Ordinal => 147 FunctionName => FunctionAddress => 0x77126aa6 ModuleHandle => 0x77120000 | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | LdrLoadDll | Flags => 1302904 BaseAddress => 0x7e410000 FileName => USER32.DLL | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => IsWinEventHookInstalled FunctionAddress => 0x7e41b1a5 ModuleHandle => 0x7e410000 | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | 1 time |
| 18:34:37,251 | 588 | RegOpenKeyExW | Handle => 0x00000434 Registry => 0x80000001 SubKey => Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | RegQueryValueExW | Handle => 0x00000434 DataLength => 4 ValueName => IEharden Type => 1304992 | FAILURE | 0x00000002 | |
| 18:34:37,251 | 588 | RegCloseKey | Handle => 0x00000434 | SUCCESS | 0x00000000 | |
| 18:34:37,251 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,251 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,251 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,251 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | 1 time |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,261 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetThemeColor FunctionAddress => 0x5ad7459d ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:37,261 | 588 | LdrGetDllHandle | ModuleHandle => 0x77f10000 FileName => GDI32.DLL | SUCCESS | 0x00000000 | |
| 18:34:37,261 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => GetRandomRgn FunctionAddress => 0x77f1d7ae ModuleHandle => 0x77f10000 | SUCCESS | 0x00000000 | |
| 18:34:37,271 | 588 | LdrLoadDll | Flags => 1296888 BaseAddress => 0x5ad70000 FileName => UxTheme.dll | SUCCESS | 0x00000000 | |
| 18:34:37,271 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => IsAppThemed FunctionAddress => 0x5ad78b4d ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:37,271 | 588 | LdrGetProcedureAddress | Ordinal => 61 FunctionName => FunctionAddress => 0x5ad8f307 ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:37,271 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => DrawThemeBackground FunctionAddress => 0x5ad72bef ModuleHandle => 0x5ad70000 | SUCCESS | 0x00000000 | |
| 18:34:37,271 | 588 | RegOpenKeyExW | Handle => 0x00000434 Registry => 0x80000002 SubKey => Software\Microsoft\Internet Explorer\Main | SUCCESS | 0x00000000 | |
| 18:34:37,271 | 588 | RegQueryValueExW | Handle => 0x00000434 DataLength => 4 ValueName => MaxRenderLine Type => 1289204 | FAILURE | 0x00000002 | |
| 18:34:37,271 | 588 | RegCloseKey | Handle => 0x00000434 | SUCCESS | 0x00000000 | |
| 18:34:37,341 | 588 | RegOpenKeyExW | Handle => 0x00000434 Registry => 0x00000030 SubKey => Software\Clients\News | SUCCESS | 0x00000000 | |
| 18:34:37,341 | 588 | RegQueryValueExW | Handle => 0x00000434 DataLength => 32 ValueName => Type => 1 | SUCCESS | 0x00000000 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | 1 time |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,341 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | 1 time |
| 18:34:37,351 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:37,361 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:38,192 | 588 | GetCursorPos | y => 516 x => 479 | SUCCESS | 0x00000001 | |
| 18:34:38,493 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:39,244 | 588 | GetCursorPos | y => 373 x => 349 | SUCCESS | 0x00000001 | |
| 18:34:39,544 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:40,295 | 588 | GetCursorPos | y => 194 x => 26 | SUCCESS | 0x00000001 | |
| 18:34:40,596 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:41,186 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:34:41,397 | 588 | GetCursorPos | y => 209 x => 701 | SUCCESS | 0x00000001 | |
| 18:34:41,697 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:42,478 | 588 | GetCursorPos | y => 413 x => 203 | SUCCESS | 0x00000001 | |
| 18:34:42,779 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:43,560 | 588 | GetCursorPos | y => 335 x => 262 | SUCCESS | 0x00000001 | |
| 18:34:43,860 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:44,651 | 588 | GetCursorPos | y => 541 x => 508 | SUCCESS | 0x00000001 | |
| 18:34:44,952 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:45,703 | 588 | GetCursorPos | y => 447 x => 728 | SUCCESS | 0x00000001 | |
| 18:34:46,003 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:46,194 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:34:46,754 | 588 | GetCursorPos | y => 171 x => 223 | SUCCESS | 0x00000001 | |
| 18:34:47,055 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:47,806 | 588 | GetCursorPos | y => 296 x => 661 | SUCCESS | 0x00000001 | |
| 18:34:48,106 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:48,857 | 588 | GetCursorPos | y => 459 x => 366 | SUCCESS | 0x00000001 | |
| 18:34:49,158 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:50,960 | 588 | GetCursorPos | y => 422 x => 292 | SUCCESS | 0x00000001 | |
| 18:34:51,201 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:34:51,261 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:52,042 | 588 | GetCursorPos | y => 118 x => 510 | SUCCESS | 0x00000001 | |
| 18:34:52,352 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:53,124 | 588 | GetCursorPos | y => 83 x => 143 | SUCCESS | 0x00000001 | |
| 18:34:53,124 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,124 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,124 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,124 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,124 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,134 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,134 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,134 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,134 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,134 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,134 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,144 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,144 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,144 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,144 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,144 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,144 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,144 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:53,154 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:34:53,154 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:34:54,255 | 588 | GetCursorPos | y => 494 x => 754 | SUCCESS | 0x00000001 | |
| 18:34:54,556 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:55,337 | 588 | GetCursorPos | y => 361 x => 334 | SUCCESS | 0x00000001 | |
| 18:34:55,637 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:56,208 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:34:56,388 | 588 | GetCursorPos | y => 423 x => 667 | SUCCESS | 0x00000001 | |
| 18:34:56,689 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:57,440 | 588 | GetCursorPos | y => 531 x => 792 | SUCCESS | 0x00000001 | |
| 18:34:57,740 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:58,491 | 588 | GetCursorPos | y => 239 x => 659 | SUCCESS | 0x00000001 | |
| 18:34:58,792 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:34:59,543 | 588 | GetCursorPos | y => 198 x => 347 | SUCCESS | 0x00000001 | |
| 18:34:59,843 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:00,594 | 588 | GetCursorPos | y => 296 x => 684 | SUCCESS | 0x00000001 | |
| 18:35:00,895 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:01,215 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:01,646 | 588 | GetCursorPos | y => 269 x => 103 | SUCCESS | 0x00000001 | |
| 18:35:01,946 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:02,697 | 588 | GetCursorPos | y => 409 x => 448 | SUCCESS | 0x00000001 | |
| 18:35:02,998 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:03,749 | 588 | GetCursorPos | y => 291 x => 77 | SUCCESS | 0x00000001 | |
| 18:35:04,049 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:04,820 | 588 | GetCursorPos | y => 173 x => 42 | SUCCESS | 0x00000001 | |
| 18:35:05,121 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:05,912 | 588 | GetCursorPos | y => 156 x => 131 | SUCCESS | 0x00000001 | |
| 18:35:06,212 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:06,222 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:07,124 | 588 | GetCursorPos | y => 486 x => 10 | SUCCESS | 0x00000001 | |
| 18:35:07,424 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:08,215 | 588 | GetCursorPos | y => 52 x => 757 | SUCCESS | 0x00000001 | |
| 18:35:10,318 | 588 | GetCursorPos | y => 171 x => 711 | SUCCESS | 0x00000001 | |
| 18:35:10,619 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:11,230 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:11,370 | 588 | GetCursorPos | y => 436 x => 22 | SUCCESS | 0x00000001 | |
| 18:35:11,670 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:12,421 | 588 | GetCursorPos | y => 436 x => 667 | SUCCESS | 0x00000001 | |
| 18:35:12,722 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:13,473 | 588 | GetCursorPos | y => 334 x => 184 | SUCCESS | 0x00000001 | |
| 18:35:13,773 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:14,524 | 588 | GetCursorPos | y => 321 x => 192 | SUCCESS | 0x00000001 | |
| 18:35:14,755 | 1592 | NtDelayExecution | Milliseconds => 60000 | SUCCESS | 0x00000000 | |
| 18:35:14,825 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:15,576 | 588 | GetCursorPos | y => 515 x => 586 | SUCCESS | 0x00000001 | |
| 18:35:15,876 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:16,207 | 1412 | ExitThread | ExitCode => 0 | SUCCESS | 0x00000000 | |
| 18:35:16,237 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:16,637 | 588 | GetCursorPos | y => 440 x => 188 | SUCCESS | 0x00000001 | |
| 18:35:16,938 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:17,759 | 588 | GetCursorPos | y => 255 x => 798 | SUCCESS | 0x00000001 | |
| 18:35:18,059 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:18,841 | 588 | GetCursorPos | y => 216 x => 342 | SUCCESS | 0x00000001 | |
| 18:35:19,141 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:19,992 | 588 | GetCursorPos | y => 354 x => 576 | SUCCESS | 0x00000001 | |
| 18:35:20,293 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:21,044 | 588 | GetCursorPos | y => 374 x => 741 | SUCCESS | 0x00000001 | |
| 18:35:21,244 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:21,344 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:22,095 | 588 | GetCursorPos | y => 171 x => 680 | SUCCESS | 0x00000001 | |
| 18:35:22,396 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:23,147 | 588 | GetCursorPos | y => 317 x => 683 | SUCCESS | 0x00000001 | |
| 18:35:23,447 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,198 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,208 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,208 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,208 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,208 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,208 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:24,208 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:24,208 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:25,260 | 588 | GetCursorPos | y => 470 x => 563 | SUCCESS | 0x00000001 | |
| 18:35:25,560 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:26,251 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:26,311 | 588 | GetCursorPos | y => 281 x => 273 | SUCCESS | 0x00000001 | |
| 18:35:26,612 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:27,363 | 588 | GetCursorPos | y => 79 x => 745 | SUCCESS | 0x00000001 | |
| 18:35:28,414 | 588 | GetCursorPos | y => 240 x => 171 | SUCCESS | 0x00000001 | |
| 18:35:28,715 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:29,476 | 588 | GetCursorPos | y => 379 x => 29 | SUCCESS | 0x00000001 | |
| 18:35:29,776 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:30,557 | 588 | GetCursorPos | y => 508 x => 536 | SUCCESS | 0x00000001 | |
| 18:35:30,858 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:31,258 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:31,609 | 588 | GetCursorPos | y => 269 x => 337 | SUCCESS | 0x00000001 | |
| 18:35:31,909 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:32,660 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | |
| 18:35:32,660 | 588 | GetCursorPos | y => 93 x => 569 | SUCCESS | 0x00000001 | |
| 18:35:32,660 | 588 | LdrGetProcedureAddress | Ordinal => 0 FunctionName => ImageList_GetIconSize FunctionAddress => 0x773e5660 ModuleHandle => 0x773d0000 | SUCCESS | 0x00000000 | |
| 18:35:32,660 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:35:32,660 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | |
| 18:35:32,660 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:32,660 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:32,660 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:32,670 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:32,670 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:32,670 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:32,670 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:32,670 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:33,732 | 588 | GetCursorPos | y => 199 x => 223 | SUCCESS | 0x00000001 | |
| 18:35:34,032 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:34,783 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | |
| 18:35:34,783 | 588 | GetCursorPos | y => 110 x => 296 | SUCCESS | 0x00000001 | |
| 18:35:34,783 | 588 | GetSystemMetrics | SystemMetricIndex => 45 | SUCCESS | 0x00000002 | |
| 18:35:34,783 | 588 | GetSystemMetrics | SystemMetricIndex => 41 | SUCCESS | 0x00000000 | |
| 18:35:34,783 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:34,783 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:34,783 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:34,783 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:34,793 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:34,793 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:34,793 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:35:34,793 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:35:35,845 | 588 | GetCursorPos | y => 235 x => 149 | SUCCESS | 0x00000001 | |
| 18:35:36,145 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:36,266 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:36,897 | 588 | RegOpenKeyExW | Handle => 0x000002a4 Registry => 0x80000002 SubKey => Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes | SUCCESS | 0x00000000 | |
| 18:35:36,897 | 588 | RegQueryValueExW | Handle => 0x000002a4 DataLength => 64 ValueName => Tahoma Type => 1302612 | FAILURE | 0x00000002 | |
| 18:35:36,897 | 588 | RegCloseKey | Handle => 0x000002a4 | SUCCESS | 0x00000000 | |
| 18:35:36,897 | 588 | GetCursorPos | y => 569 x => 200 | SUCCESS | 0x00000001 | |
| 18:35:37,948 | 588 | GetCursorPos | y => 200 x => 667 | SUCCESS | 0x00000001 | |
| 18:35:38,248 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:40,131 | 588 | GetCursorPos | y => 453 x => 663 | SUCCESS | 0x00000001 | |
| 18:35:40,432 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:41,223 | 588 | GetCursorPos | y => 434 x => 419 | SUCCESS | 0x00000001 | |
| 18:35:41,273 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:41,523 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:42,314 | 588 | GetCursorPos | y => 159 x => 540 | SUCCESS | 0x00000001 | |
| 18:35:42,615 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:43,386 | 588 | GetCursorPos | y => 130 x => 70 | SUCCESS | 0x00000001 | |
| 18:35:43,686 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:44,437 | 588 | GetCursorPos | y => 444 x => 770 | SUCCESS | 0x00000001 | |
| 18:35:44,738 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:45,489 | 588 | GetCursorPos | y => 496 x => 138 | SUCCESS | 0x00000001 | |
| 18:35:45,789 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:46,280 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:46,540 | 588 | GetCursorPos | y => 161 x => 94 | SUCCESS | 0x00000001 | |
| 18:35:46,841 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:48,643 | 588 | GetCursorPos | y => 515 x => 323 | SUCCESS | 0x00000001 | |
| 18:35:48,944 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:49,695 | 588 | GetCursorPos | y => 181 x => 586 | SUCCESS | 0x00000001 | |
| 18:35:49,995 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:50,746 | 588 | GetCursorPos | y => 427 x => 121 | SUCCESS | 0x00000001 | |
| 18:35:51,047 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:51,287 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:51,798 | 588 | GetCursorPos | y => 434 x => 778 | SUCCESS | 0x00000001 | |
| 18:35:52,098 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:52,849 | 588 | GetCursorPos | y => 280 x => 196 | SUCCESS | 0x00000001 | |
| 18:35:53,150 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:53,901 | 588 | GetCursorPos | y => 294 x => 557 | SUCCESS | 0x00000001 | |
| 18:35:54,201 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:54,952 | 588 | GetCursorPos | y => 199 x => 499 | SUCCESS | 0x00000001 | |
| 18:35:55,253 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:56,004 | 588 | GetCursorPos | y => 445 x => 573 | SUCCESS | 0x00000001 | |
| 18:35:56,294 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:35:56,304 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:58,107 | 588 | GetCursorPos | y => 392 x => 107 | SUCCESS | 0x00000001 | |
| 18:35:58,407 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:35:59,179 | 588 | GetCursorPos | y => 266 x => 83 | SUCCESS | 0x00000001 | |
| 18:35:59,479 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:36:00,270 | 588 | GetCursorPos | y => 510 x => 506 | SUCCESS | 0x00000001 | |
| 18:36:00,581 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:36:01,302 | 1304 | select | socket => 0x00000001 | SUCCESS | 0x00000000 | |
| 18:36:02,573 | 588 | GetCursorPos | y => 189 x => 434 | SUCCESS | 0x00000001 | |
| 18:36:02,874 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:36:03,645 | 588 | GetCursorPos | y => 245 x => 335 | SUCCESS | 0x00000001 | |
| 18:36:03,955 | 588 | GetCursorPos | y => 0 x => 400 | SUCCESS | 0x00000001 | |
| 18:36:04,696 | 588 | GetCursorPos | y => 84 x => 349 | SUCCESS | 0x00000001 | |
| 18:36:04,696 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:36:04,696 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:36:04,696 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:36:04,696 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:36:04,696 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:36:04,696 | 588 | GetSystemMetrics | SystemMetricIndex => 6 | SUCCESS | 0x00000001 | |
| 18:36:04,707 | 588 | GetSystemMetrics | SystemMetricIndex => 5 | SUCCESS | 0x00000001 | |
| 18:36:04,707 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:36:04,707 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:36:04,707 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:36:04,707 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:36:04,707 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:36:04,707 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:36:04,717 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:36:04,717 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:36:04,717 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:36:04,717 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:36:04,717 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:36:04,717 | 588 | GetSystemMetrics |
SystemMetricIndex => 5 |
SUCCESS | 0x00000001 | |
| 18:36:04,717 | 588 | GetSystemMetrics |
SystemMetricIndex => 6 |
SUCCESS | 0x00000001 | |
| 18:36:05,768 | 588 | GetCursorPos |
y => 195 x => 330 |
SUCCESS | 0x00000001 | |
| 18:36:06,068 | 588 | GetCursorPos |
y => 0 x => 400 |
SUCCESS | 0x00000001 | |
| 18:36:06,309 | 1304 | select |
socket => 0x00000001 |
SUCCESS | 0x00000000 | |
| 18:36:06,820 | 588 | GetCursorPos |
y => 395 x => 205 |
SUCCESS | 0x00000001 | |
| 18:36:07,120 | 588 | GetCursorPos |
y => 0 x => 400 |
SUCCESS | 0x00000001 |